US warns of Russian state-sponsored attacks on critical infrastructure
Adam Janofsky January 11, 2022

Less than one day after Russia and the US held bilateral talks over the deployment of troops near Ukraine, US intelligence and law enforcement agencies issued a warning to critical infrastructure operators about threats from Russian state-sponsored hackers.

The alert, jointly authored by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, disclosed commonly observed tactics, techniques, and procedures (TTPs) used by the threat actors, as well as guidance on incident response and mitigation.

“CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting,” the report reads.

The advisory warned against “common but effective tactics” used to gain initial access to victim networks, including spearphishing, brute force attacks, and exploiting known vulnerabilities. In the past, Russian state-sponsored actors have used the following vulnerabilities to gain access to targeted systems:

But the alert also cautioned that actors have demonstrated “sophisticated tradecraft and cyber capabilities” by launching attacks using compromised third-party infrastructure and software, or deploying custom malware.

The agencies have issued a number of reports and advisories related to Russia-linked hacks in recent years, and the guidance issued Tuesday will likely be read by cybersecurity professionals as a warning to be on the lookout for certain malicious behavior. It references previous attacks including Russian state-sponsored actors targeting state, local, tribal, and territorial government networks in 2020, energy sector intrusions between 2011 and 2018, and a widely reported campaign against Ukrainian critical infrastructure in 2015 and 2016.

In that last incident, Russian-linked hackers attacked Ukrainian energy companies, leading to broad power outages. The attacks used malware to make computers inoperable and disrupt power grids.

As the conflict between Ukraine and Russia continues to escalate, the US and Britain in recent weeks sent cyberwarfare experts to Ukraine to better prepare the country for attacks on the electric grid and other critical infrastructure components, The New York Times reported.

Adam is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.