Advanced persistent threat (APT) actors linked to Russia have been observed attacking a wide range of US organizations using various effective tactics to breach their networks, ranging from spear-phishing and brute-forcing accounts to exploiting a large variety of known security vulnerabilities.
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and National Security Agency (NSA) have warned critical infrastructure network defenders to be ready to detect and block incoming attacks by Russian-backed hacking groups targeting organizations in US critical infrastructure sectors.
The agencies stated that, “The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments—including cloud environments—by using legitimate credentials.”
In some cases, Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware.
US critical infrastructure organizations exposed to Russian-backed cyber operations are advised to focus on detecting malicious activity by enforcing robust log collection and retention and by looking for behavioral evidence, as well as network- and host-based artifacts.
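As an added illustration of the detection advice above (this is example code, not part of the advisory or the article), the following script shows what "looking for behavioral evidence" in collected logs can mean in practice for two of the tactics the article names: brute-forcing of accounts and subsequent use of the captured, legitimate-looking credentials. It parses constructed SSH authentication log lines (the sample lines, IP addresses, user names and thresholds are all invented for this example) and flags three patterns: repeated failures against one account from one source, failures spread across many accounts from one source (password spraying), and a successful login from a source that had just produced a run of failures.

```python
import re
from collections import defaultdict

# Constructed sample syslog-style sshd lines; not taken from any real system.
SAMPLE_LOG = """\
Jan 11 09:00:01 host1 sshd[1201]: Failed password for alice from 198.51.100.7 port 50211 ssh2
Jan 11 09:00:03 host1 sshd[1202]: Failed password for alice from 198.51.100.7 port 50212 ssh2
Jan 11 09:00:05 host1 sshd[1203]: Failed password for alice from 198.51.100.7 port 50213 ssh2
Jan 11 09:00:07 host1 sshd[1204]: Failed password for alice from 198.51.100.7 port 50214 ssh2
Jan 11 09:00:09 host1 sshd[1205]: Failed password for alice from 198.51.100.7 port 50215 ssh2
Jan 11 09:00:12 host1 sshd[1206]: Accepted password for alice from 198.51.100.7 port 50216 ssh2
Jan 11 09:01:00 host1 sshd[1207]: Failed password for bob from 203.0.113.9 port 40001 ssh2
Jan 11 09:01:02 host1 sshd[1208]: Failed password for carol from 203.0.113.9 port 40002 ssh2
Jan 11 09:01:04 host1 sshd[1209]: Failed password for invalid user admin from 203.0.113.9 port 40003 ssh2
Jan 11 09:05:00 host1 sshd[1210]: Accepted password for erin from 192.0.2.5 port 51000 ssh2
"""

# Matches the common OpenSSH "Failed/Accepted password" message shape.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(log_text):
    """Return a list of dicts (ts, result, user, ip) for lines that match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def analyse(events, fail_threshold=5, spray_threshold=3):
    """Flag brute force, password spraying and success-after-failures.

    Thresholds are illustrative; tune them to the environment's baseline.
    Events must be in chronological order, as they are in a log file.
    """
    failures_per_ip_user = defaultdict(int)  # (ip, user) -> failed attempts
    fails_per_ip = defaultdict(int)          # ip -> failed attempts, any user
    users_per_ip = defaultdict(set)          # ip -> distinct users it failed on
    findings = []

    for ev in events:
        ip, user = ev["ip"], ev["user"]
        if ev["result"] == "Failed":
            failures_per_ip_user[(ip, user)] += 1
            fails_per_ip[ip] += 1
            users_per_ip[ip].add(user)
        elif fails_per_ip[ip] >= fail_threshold:
            # A success right after a run of failures from the same source is
            # the moment a guessed credential turns into "legitimate" access.
            findings.append(("success_after_failures", ip, user, fails_per_ip[ip]))

    for (ip, user), n in failures_per_ip_user.items():
        if n >= fail_threshold:
            findings.append(("brute_force", ip, user, n))

    for ip, users in users_per_ip.items():
        if len(users) >= spray_threshold:
            findings.append(("password_spray", ip, sorted(users), len(users)))

    return findings


if __name__ == "__main__":
    for finding in analyse(parse(SAMPLE_LOG)):
        print(finding)
```

Run as-is it reports the brute force against `alice`, the spray from `203.0.113.9`, and the accepted login for `alice` that followed five failures; the single normal login for `erin` produces nothing. The same counting logic applies to any authentication source (VPN, web application, cloud identity provider) once its log format has a parser like `parse` above, and a per-source failure count that persists beyond a single file is what makes the "long-term access with legitimate credentials" case visible after the fact.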
The warning came after the US and UK governments, in April 2021, attributed the SolarWinds supply-chain attack and the targeting of COVID-19 vaccine developers to cyber-espionage efforts by Russian SVR operators. The NSA, CISA, and the FBI also informed organizations and service providers about the top five vulnerabilities exploited in SVR attacks against US interests.