The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.
Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure, drafted with contributions from industry members of the Joint Cyber Defense Collaborative, provides an overview of Russian state-sponsored advanced persistent threat groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups to help the cybersecurity community protect against possible cyber threats.
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities urge critical infrastructure network defenders to prepare for and mitigate potential cyber threats by hardening their cyber defenses as recommended in the joint CSA.
According to the Advisory, cyber threat actors from the following Russian government and military organizations have conducted malicious cyber operations against IT and/or OT networks:
- The Russian Federal Security Service (FSB), including FSB’s Center 16 and Center 18
- Russian Foreign Intelligence Service (SVR)
- Russian General Staff Main Intelligence Directorate (GRU), 85th Main Special Service Center (GTsSS)
- GRU’s Main Center for Special Technologies (GTsST)
- Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM)