Advisory Offers Most Comprehensive View On Cyber Threat Posed By Russia Since Invasion

by Paul Ciampoli
APPA News Director
April 23, 2022

The Cybersecurity and Infrastructure Security Agency (CISA), along with other U.S. government entities and a number of international organizations, recently issued a joint cybersecurity advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure that could impact organizations both within and beyond Ukraine.  

“It is the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February,” CISA said on April 20.

The advisory provides technical details on malicious cyber operations by actors from the Russian Federal Security Service, Russian Foreign Intelligence Service, Russian General Staff Main Intelligence Directorate, and Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics.

It also includes details on Russian-aligned cyber threat groups and cybercrime groups. Some of these cybercrime groups have recently publicly pledged support for the Russian government and have threatened to conduct cyber operations in retaliation for perceived cyber offensives against Russia or against countries or organizations providing materiel support to Ukraine. 

The advisory recommends several immediate actions for all organizations to take to protect their networks, which include prioritizing patching of known exploited vulnerabilities, enforcing multifactor authentication, monitoring remote desktop protocol and providing end-user awareness and training. 

“We know that malicious cyber activity is part of the Russian playbook. We also know that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure. Today’s cybersecurity advisory released jointly by CISA and our interagency and international partners reinforces the demonstrated threat and capability of Russian state-sponsored and Russian aligned cyber-criminal groups to our Homeland,” said CISA Director Jen Easterly. “We urge all organizations to review the guidance in this advisory as well as visit www.cisa.gov/shields-up for continually updated information on how to protect yourself and your business.”  

CISA was joined in the April 20 advisory by the Federal Bureau of Investigation, the National Security Agency, the Australian Cyber Security Center, the Canadian Center for Cyber Security, New Zealand’s National Cyber Security Center and the United Kingdom’s National Cyber Security Center and National Crime Agency, with contributions from industry members of the Joint Cyber Defense Collaborative.