US warns against continued Russian state-sponsored cyber aggression
FBI, CISA, NSA issue joint advisory on understanding and mitigating threats to US critical infrastructure
The FBI, CISA and the NSA issued a joint warning earlier this week regarding Russian state-sponsored cyber operations. The advisory, titled “Understanding and Mitigating Russian State-Sponsored Cyber Threats to US Critical Infrastructure”, provides an overview of the malicious groups’ tactics and techniques, as well as detection actions, initial response guidelines and mitigations.
According to the advisory, “Historically, Russian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics—including spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks.
“Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware. The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments—including cloud environments—by using legitimate credentials.”
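The brute-force initial access the advisory describes leaves a recognisable trace in authentication logs: a burst of failed logins from one source, often spread across many accounts, sometimes followed by a success. The script below is an added example written for this page, not code from the advisory, the agencies or the article; the log format, the field names, the thresholds and the sample lines are all constructed assumptions. It groups failures by source address, flags any source exceeding a failure threshold inside a short window, records whether the burst spanned several accounts (a spray pattern), and notes whether a successful login followed, which is the event a responder would prioritise.

```python
"""Flag brute-force style failed-login bursts in authentication logs.

Added illustration for this article; not code from the joint advisory.
The log format, field names and thresholds below are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): one source tries five
# accounts in five seconds and then succeeds; a second source is benign.
SAMPLE_LOG = """\
2020-10-03T08:00:01Z auth FAIL user=alice src=203.0.113.7
2020-10-03T08:00:02Z auth FAIL user=bob src=203.0.113.7
2020-10-03T08:00:03Z auth FAIL user=carol src=203.0.113.7
2020-10-03T08:00:04Z auth FAIL user=dave src=203.0.113.7
2020-10-03T08:00:05Z auth FAIL user=erin src=203.0.113.7
2020-10-03T08:00:06Z auth OK user=erin src=203.0.113.7
2020-10-03T08:05:00Z auth FAIL user=alice src=198.51.100.9
2020-10-03T09:30:00Z auth FAIL user=alice src=198.51.100.9
2020-10-03T09:31:00Z auth OK user=alice src=198.51.100.9
"""

# Assumed line layout: "<iso-timestamp> auth <FAIL|OK> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Turn log text into (timestamp, result, user, src) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def find_bursts(events, window=timedelta(minutes=5), max_fail=4, min_users=3):
    """Return one alert per source that exceeds max_fail failures within
    `window`. Each alert records how many distinct accounts were tried
    (a spray if >= min_users) and whether a success followed the burst."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        evs.sort()  # chronological; timestamps are the first tuple field
        fails = [e for e in evs if e[1] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # slide the window start forward until it fits inside `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            count = end - start + 1
            if count > max_fail:
                users = {e[2] for e in fails[start:end + 1]}
                success_after = any(
                    e[1] == "OK" and e[0] >= fails[end][0] for e in evs
                )
                alerts.append({
                    "src": src,
                    "failures": count,
                    "distinct_users": len(users),
                    "spray": len(users) >= min_users,
                    "success_after_burst": success_after,
                })
                break  # one alert per source is enough for this example
    return alerts


if __name__ == "__main__":
    for alert in find_bursts(parse(SAMPLE_LOG)):
        print(alert)
```

On the sample data only 203.0.113.7 is reported: five failures against five different accounts inside the window, with a successful login immediately afterwards. The benign source stays below the threshold. The thresholds are deliberately conservative starting points; tune them to the volume of a real environment, and treat a flagged success as a credential to reset and a session to investigate rather than as proof of compromise on its own.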
The advisory also provides several examples, such as attacks on state, local, tribal and territorial governments and aviation networks between September and December 2020; a global Energy Sector intrusion campaign from 2011 to 2018; and a campaign against Ukrainian critical infrastructure in 2015 and again in 2016.
In addition, the advisory calls on all organizations to improve their cyber security by immediately performing the following: patching all systems, implementing multi-factor authentication, using antivirus software, and developing internal contact lists and surge support.
Emphasis is placed on the importance of being constantly prepared and increasing organizational vigilance, as well as implementing network segmentation between IT and OT networks, and organizing OT assets into logical zones.
Russian state-backed malicious actors have also been exploiting the Log4j vulnerability discovered late last year. In December, The New York Times reported that the US and UK had sent cyber security teams to Ukraine to help it defend against Russian aggression.