April 21, 2022
The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and the United Kingdom's National Cyber Security Centre (NCSC-UK) and National Crime Agency (NCA), with contributions from industry members of the Joint Cyber Defense Collaborative, announced a joint Cybersecurity Advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure that could impact organizations both within and beyond Ukraine. It is the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February.
The advisory provides technical details on malicious cyber operations by actors from the:
It also includes details on Russian-aligned cyber threat groups and cybercrime groups. Some of these cybercrime groups have recently publicly pledged support for the Russian government and have threatened to conduct cyber operations in retaliation for perceived cyber offensives against Russia or against countries or organizations providing materiel support to Ukraine.
The advisory recommends several immediate actions for all organizations to take to protect their networks, which include:
Because evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks, the cybersecurity authorities are providing this robust advisory with several resources and mitigations that can help the cybersecurity community protect against possible cyber threats from these adversarial groups. Executives, leaders, and network defenders are urged to implement recommendations to prepare for and mitigate the varied cyber threats listed in the Cybersecurity Advisory here. This advisory updates joint CSA Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.
In addition to reviewing this new advisory, CISA encourages critical infrastructure executives and senior leaders to review our "Shields Up" webpage at www.cisa.gov/shields-up. Also, organizations should share information on incidents and unusual activity to CISA 24/7 Operations Center at email@example.com or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
We appreciate you sharing this information and/or amplifying with your cybersecurity community. CISA and other partners are posting information about our joint advisory on their social media platforms.