"The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.
Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see the March 21, 2022, Statement by U.S. President Biden for more information). Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.
Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.
This advisory updates joint CSA Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure, which provides an overview of Russian state-sponsored cyber operations and commonly observed tactics, techniques, and procedures (TTPs). This CSA—coauthored by U.S., Australian, Canadian, New Zealand, and UK cyber authorities with contributions from industry members of the Joint Cyber Defense Collaborative (JCDC)—provides an overview of Russian state-sponsored advanced persistent threat (APT) groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups to help the cybersecurity community protect against possible cyber threats.
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities urge critical infrastructure network defenders to prepare for and mitigate potential cyber threats—including destructive malware, ransomware, DDoS attacks, and cyber espionage—by hardening their cyber defenses and performing due diligence in identifying indicators of malicious activity. Refer to the Mitigations section of this advisory for recommended hardening actions.
For more information on Russian state-sponsored cyber activity, see CISA’s Russia Cyber Threat Overview and Advisories webpage. For more information on the heightened cyber threat to critical infrastructure organizations, see the following resources:
- Cybersecurity and Infrastructure Security Agency (CISA) Shields Up and Shields Up Technical Guidance webpages
- Australian Cyber Security Centre’s (ACSC) Advisory Australian Organisations Should Urgently Adopt an Enhanced Cyber Security Posture.
- Canadian Centre for Cyber Security (CCCS) Cyber Threat Bulletin Cyber Centre urges Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activityNational Cyber Security Centre New Zealand (NZ NCSC) General Security Advisory Understanding and preparing for cyber threats relating to tensions between Russia and Ukraine
- United Kingdom’s National Cyber Security Centre (NCSC-UK) guidance on how to bolster cyber defences in light of the Russian cyber threat."
Click here for a PDF version of this report.
Additional information such as Technical Details, etc. can be found on CISA's webpage: https://www.cisa.gov/uscert/ncas/alerts/aa22-110a