
US gov issues fresh warning over Russian threat to critical infrastructure

The FBI, NSA and CISA have urged network defenders to be on "heightened alert" for Russian cyber attacks

Cyber security specialists at the US government have warned critical infrastructure network defenders to "adopt a heightened state of awareness" against Russian state-sponsored cyber attacks.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) issued a joint advisory on Tuesday giving an overview of the tactics and techniques commonly used by Russian state-backed threat actors, so the security community can take a more proactive stance on threat hunting.

The trio of federal agencies said these Russian hackers typically exploit flaws in popular enterprise products, listing known issues in products including Cisco routers (CVE-2019-1653), Oracle WebLogic (CVE-2020-14882), Citrix (CVE-2019-19781), Pulse Secure (CVE-2019-11510), and Microsoft Exchange (CVE-2020-0688).

"Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware," the joint advisory reads. "The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments - including cloud environments - by using legitimate credentials.

"In some cases, Russian state-sponsored cyber operations against critical infrastructure organisations have specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware."

Organisations are recommended to apply a range of mitigations to ensure functional resilience and lower the risk of compromise. These include measures such as confirming reporting processes, minimising personnel gaps in security coverage, following industry best practices for identity and access management, and proactively monitoring threat feeds for patches.

Because Russian threat actors have a history of lingering undetected in networks for long periods, the FBI, NSA, and CISA also recommend that all critical infrastructure organisations implement robust log collection and retention to aid incident investigations, and proactively look for behavioural irregularities such as password spray attempts and the use of compromised credentials.
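As an added example (not code from the advisory or from IT Pro), a minimal hunt for the behaviour the agencies describe: over constructed authentication events, flag any source that fails against many distinct accounts inside a short window, then surface a later successful login from that source as a candidate compromised credential. The log format, field order and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): "timestamp source_ip username result"
SAMPLE_LOG = """\
2022-01-11T09:00:01 203.0.113.7 alice FAIL
2022-01-11T09:00:04 203.0.113.7 bob FAIL
2022-01-11T09:00:07 203.0.113.7 carol FAIL
2022-01-11T09:00:10 203.0.113.7 dave FAIL
2022-01-11T09:00:13 203.0.113.7 erin FAIL
2022-01-11T09:00:16 203.0.113.7 frank FAIL
2022-01-11T09:02:30 203.0.113.7 erin SUCCESS
2022-01-11T09:05:00 198.51.100.9 alice FAIL
2022-01-11T09:05:20 198.51.100.9 alice FAIL
2022-01-11T09:05:40 198.51.100.9 alice SUCCESS
"""

def parse(log):
    """Split each line into (timestamp, source_ip, username, result)."""
    events = []
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {source_ip: distinct usernames} for sources that fail against
    at least min_users different accounts inside one window.

    A spray puts one or two guesses on many accounts, so a per-account
    lockout never trips; grouping failures by source catches it instead.
    The window and min_users thresholds are assumptions to tune locally."""
    fails = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    sprayers = {}
    for ip, attempts in fails.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) >= min_users:
                sprayers[ip] = sorted(users)
                break
    return sprayers

def successes_after_spray(events, sprayers):
    """Successful logins from a spraying source: the credential likely worked."""
    return sorted((user, ip) for _, ip, user, result in events
                  if result == "SUCCESS" and ip in sprayers)
```

The second source (two failures then a success for one account) is not flagged, which is the point: per-account counting would treat both sources alike, while per-source distinct-user counting separates a spray from an ordinary mistyped password.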

The trio of agencies also highlighted a number of incidents in recent history where Russian state-sponsored hackers have been found to attack local governments and critical infrastructure. 

From September 2020 to "at least" December 2020, Russian attackers targeted "dozens" of state, local, tribal, and territorial governments, as well as aviation networks, succeeding in extracting data from multiple victims.

They also pointed to Russia's intrusion campaign against the US energy sector between 2011 and 2018, which deployed malware specially crafted for critical infrastructure environments and stole data related to the industry.


"When the FBI, CISA and NSA team up to issue a joint alert about Russian state-sponsored APTs, every security team on the planet needs to sit up and take notice," said Dr Süleyman Özarslan, co-founder of Picus Security to IT Pro. "This alert highlights the seriousness and prevalence of ongoing malicious cyber operations by Russian state-sponsored APT actors. It should also be of great assistance to the cybersecurity community in reducing the risk posed by these threats."

The advisory comes as US officials join Russia's representatives in Geneva to discuss Russia's potential invasion of Ukraine, a country which was also on the receiving end of Russian hackers targeting critical infrastructure between 2015 and 2016, the advisory noted.

Cyber security expert and former CISA director Chris Krebs suggested the timing of the advisory's publication could be interpreted as a warning to US organisations to prepare for the Geneva talks to go south, which they reportedly are after eight hours of discussions.
