(TLP:WHITE) Joint Cybersecurity Advisory AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing joint Cybersecurity Advisory AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure (TLP:WHITE). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.

Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats:

  • Patch all systems. Prioritize patching known exploited vulnerabilities.
  • Enforce multifactor authentication.
  • Secure and monitor Remote Desktop Protocol and other risky services.
  • Provide end-user awareness and training.
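The third action above, monitoring Remote Desktop Protocol, is the one that maps most directly to detection logic. The script below is an added illustration of that monitoring and is not part of the advisory or any CISA tooling. It relies on the documented Windows Security event 4624 (successful logon) with LogonType 10 (RemoteInteractive, i.e. RDP) and flags RDP logons whose source address is outside the organisation's internal ranges. The event records, their flattened `key=value` layout, and the internal address ranges are all constructed assumptions for the example.

```python
"""Flag RDP logons that originate outside the internal address space.

Added example for the advisory's "secure and monitor RDP" mitigation; it is
not advisory or CISA code. Windows Security event 4624 with LogonType 10 is
the documented signature of a successful RemoteInteractive (RDP) logon. The
sample records and the pipe-delimited key=value layout are constructed.
"""
import ipaddress
from typing import Iterable, List, Tuple

# Assumption: the organisation's internal ranges; adjust to your environment.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

RDP_LOGON_TYPE = "10"  # RemoteInteractive


def is_internal(ip: str) -> bool:
    """True only for a well-formed address inside an internal range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        # "-" or a malformed source field: not a trusted origin
        return False
    return any(addr in net for net in INTERNAL_NETS)


def parse_event(line: str) -> dict:
    """Parse one flattened event record (constructed key=value|... layout)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def find_external_rdp_logons(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (user, source, time) for successful RDP logons from outside."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "4624" or ev.get("LogonType") != RDP_LOGON_TYPE:
            continue
        src = ev.get("IpAddress", "-")
        if not is_internal(src):
            hits.append((ev.get("TargetUserName", "?"), src, ev.get("TimeCreated", "?")))
    return hits


# Constructed sample records: one internal RDP logon, one network logon,
# one external RDP logon, one failed external attempt, one with no source.
SAMPLE_EVENTS = [
    "TimeCreated=2022-04-20T08:01:12Z|EventID=4624|LogonType=10|TargetUserName=jsmith|IpAddress=192.168.5.23",
    "TimeCreated=2022-04-20T08:03:40Z|EventID=4624|LogonType=3|TargetUserName=svc_backup|IpAddress=10.2.0.9",
    "TimeCreated=2022-04-20T08:10:05Z|EventID=4624|LogonType=10|TargetUserName=administrator|IpAddress=203.0.113.77",
    "TimeCreated=2022-04-20T08:11:30Z|EventID=4625|LogonType=10|TargetUserName=administrator|IpAddress=203.0.113.77",
    "TimeCreated=2022-04-20T08:12:00Z|EventID=4624|LogonType=10|TargetUserName=contractor1|IpAddress=-",
]

if __name__ == "__main__":
    for user, src, when in find_external_rdp_logons(SAMPLE_EVENTS):
        print(f"ALERT external RDP logon: user={user} src={src} at={when}")
```

Only the `administrator` logon from 203.0.113.77 and the `contractor1` logon with an empty source are reported; the internal logon and the non-RDP network logon are ignored, and the failed attempt (event 4625) is left for a separate brute-force rule. Treating an absent or malformed source as untrusted is deliberate: a missing `IpAddress` should raise an alert, not suppress one.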

This advisory updates joint CSA Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure, which provided an overview of Russian state-sponsored cyber operations and commonly observed tactics, techniques, and procedures (TTPs). This CSA provides an overview of Russian state-sponsored advanced persistent threat (APT) groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups to help the cybersecurity community protect against possible cyber threats. The advisory provides technical details on malicious cyber operations by actors from the Russian Federal Security Service, Russian Foreign Intelligence Service, Russian General Staff Main Intelligence Directorate, and Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics.

U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities urge critical infrastructure network defenders to prepare for and mitigate potential cyber threats—including destructive malware, ransomware, DDoS attacks, and cyber espionage—by hardening their cyber defenses and performing due diligence in identifying indicators of malicious activity. CISA also encourages federal partners to review our “Shields Up” webpage at www.cisa.gov/shields-up.

All organizations should report incidents and anomalous activity to CISA 24/7 Operations Center at report@cisa.gov or (888) 282-0870.

Thank you,