Five Eyes countries warn of Russian attacks against critical infrastructure


Countries belonging to the Five Eyes intelligence alliance have warned that Russian state-sponsored hackers and cybercriminal groups could target critical infrastructure.

The joint Cybersecurity Advisory from the U.S., Australia, Canada, New Zealand and the U.K. warned that evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks. Recent Russian state-sponsored operations have included distributed denial-of-service attacks, while older operations have included the deployment of malware targeting the Ukrainian government and critical infrastructure organizations.

The advisory claims that the activity could expose organizations both within and beyond the region and may occur as a response to the economic costs imposed on Russia through sanctions as well as materiel support provided to Ukraine by the U.S., allies and partners.

While Russian state-sponsored hackers targeting companies in the West is not new, the advisory warns that cybercrime groups now complicate the threat landscape further. The advisory states that some cybercrime groups have publicly pledged support for the Russian government and have threatened to conduct cyber operations in retaliation for actions against Russia. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support for Ukraine.

The full advisory details information on various Russian-associated cyber threats and cybercrime groups.

The five countries recommend that organizations take immediate action to prepare for and mitigate potential cyber threats. These include destructive malware, ransomware, DDoS attacks and cyber espionage. Organizations should harden their cyber defenses and perform due diligence in identifying indicators of malicious activity.

“This release broadens the consensus on a high level of threat to the Five Eyes countries and specifically names the threat actors of concern,” Casey Ellis, founder and chief technology officer at crowdsourced cybersecurity company Bugcrowd Inc., told SiliconANGLE. “While this is unsurprising in practice, it is visually significant. The statement reinforces Five Eyes’ position that malicious cyber activity emanating from Russia is, in general, a clear and present danger to democratic countries.”

Rick Holland, chief information security officer and vice president of strategy at digital risk solutions firm Digital Shadows Ltd., noted that the alert is more of a primer and a level set versus breaking new information on Russian cyber operations.

“The alert does provide an excellent overview of the wide range of government, military and Russian aligned threat groups,” Holland explained. “This information will benefit less mature organizations that haven’t historically tracked these threat groups.”

Tim Erlin, vice president of strategy at enterprise and industrial organizations cybersecurity company Tripwire Inc., commented that “there is an incredible, and quite possibly overwhelming, amount of detail in this joint advisory. If you’re looking for a history of Russian-aligned threat groups and activity, this advisory is a good place to start.”

“With a broad threat like this, it’s difficult to lay out a single mitigating activity that’s likely to make a difference,” Holland added. “So much of what needs to be done falls into the category of foundational best practices, but that reality shouldn’t prevent critical infrastructure organizations from taking action.”
