Russia could be making a move on US infrastructure, CISA warns. (Breaking Defense graphic)

WASHINGTON: US federal agencies, allied cyber authorities and industry today released their most stark warning yet that Russian cyber attacks are likely to increase against both private industry and public infrastructure targets, as the war in Ukraine enters its 56th day. 

Citing “evolving intelligence,” the Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation, National Security Agency and cybersecurity authorities from Australia, Canada, New Zealand and the United Kingdom, released the joint advisory in the wake of increased threats by Russian cyber groups targeting critical infrastructure both within and outside the Ukraine region.

The “cybersecurity authorities urge critical infrastructure network defenders to prepare for and mitigate potential cyber threats — including destructive malware, ransomware, DDoS attacks, and cyber espionage — by hardening their cyber defenses and performing due diligence in identifying indicators of malicious activity,” the advisory states. 

The advisory points to recent Russian state-sponsored cyber operations, including distributed denial-of-service attacks and the use of malware against Ukrainian government organizations, as well as recent public pledges of support for the Russian government by cybercrime groups.

“These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people,” according to the advisory. “Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.”

The advisory also names specific cyber threat actors from Russian government and military organizations that have conducted operations, including the Russian Federal Security Service, Russian Foreign Intelligence Service, Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics, GRU’s Main Center for Special Technologies and the Russian General Staff Main Intelligence Directorate. 

The warning comes after President Joe Biden in March urged the private sector, which owns and operates most of America’s critical infrastructure, to “lock their digital doors” before Russia could get in, in response to imposed sanctions.

Holly Baroody, deputy to the commander at the Cyber National Mission Force, said today at the AFCEA Cyber Mission Summit that some of the organization’s “hunt forward operations” staff have been to Ukraine and NATO partner countries to bolster their and the US’s defense against Russian cyber attacks.

“We’re fighting the same bad actors the industry is fighting,” Baroody added. “When we identify a foreign threat and we’re able to share that with industry, then they share information back… This bidirectional sharing of threat information both enables our operations to go after those foreign cyber actors in foreign space and enables homeland network defense… Frankly, we go after anything in their ecosystem that makes them effective at attacking the United States.”