US and allies warn of Russian cyberattack threat to critical infrastructure

21 Apr 2022

Nozomi Networks’ cybersecurity director said organisations should assume they’ve been breached if they are not already following the ‘bread and butter’ actions suggested in a Five Eyes alliance report.

Cybersecurity authorities from nations in the Five Eyes intelligence alliance have issued a warning about the threat of Russian state-sponsored cyberattacks on critical infrastructure systems.

Organisations in the US, UK, Australia, Canada and New Zealand said there is “evolving intelligence” that the Russian government is exploring options for potential cyberattacks. The joint advisory refers to the warning issued by US president Joe Biden last month about the threat to US critical infrastructure.

The latest warning provides detailed information on both Russian state-backed hacking operations and cybercriminal groups that have “publicly pledged support” to the Russian government.

“These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people,” the joint advisory said. “Some groups have also threatened to conduct cyber operations against countries and organisations providing materiel support to Ukraine.”

It added that threat actors from Russian organisations such as the GRU and the Russian Federal Security Service (FSB), described as the KGB’s successor agency, have previously conducted malicious cyber operations.

“FSB has been known to task criminal hackers for espionage-focused cyber activity; these same hackers have separately been responsible for disruptive ransomware and phishing campaigns,” the advisory said.

Earlier this month, US agencies released a warning about custom-made tools created by hackers that could target multiple industrial control systems and gain “full system access” to critical infrastructure. Cybersecurity firms that contributed to the warning said some of the malware discovered could be linked to Russia.

‘Bread and butter’ recommendations

The joint advisory provided a list of actions that critical infrastructure organisations should take to protect themselves from the growing threat of cyberattacks. These include patching all systems, fixing known vulnerabilities, adding multifactor authentication and monitoring “risky services” like remote desktop protocol.

Chris Grove, cybersecurity strategy director at IoT security firm Nozomi Networks, said the joint advisory contains useful information for defenders to learn about the various threat actors and their methods.

However, he added that the US Cybersecurity and Infrastructure Security Agency (CISA) has provided “bread and butter” recommendations.

“There’s nothing out of the ordinary, nothing over the top, and if operators of critical infrastructure aren’t already doing those things, they should stop now, assume they’ve been breached, and start thinking about resilience, consequence reduction and the impact to safety,” Grove said.

“The message should be loud and clear: Russian nexus-state actors are on the prowl, cyberspace has become a messy, hot war-zone, and everyone should be prepared for an attack from any direction.”

A week before Biden’s warning regarding Russian cyberthreats, the FBI and CISA warned organisations to be on alert and bolster their multifactor authentication security after revealing details of how state-sponsored hackers in Russia were able to gain access to an unnamed NGO’s network.

While Ukraine has borne the brunt of cyberattacks from Russia in recent months, the US hasn’t been spared from threats. Bloomberg reported last month that more than 100 employees of almost two dozen natural gas companies in the US were found to have been hacked by Russian actors.

Leigh Mc Gowran is a journalist with Silicon Republic