On March 24, 2022, the Department of Justice unsealed two indictments charging four Russian government employees in two hacking campaigns that targeted critical infrastructure in the energy sector. We cover these indictments in depth here. Concurrently, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE) jointly published a Cybersecurity Advisory (CSA) relating to the hacks.…
Category Archives: Russia
US, UK, Australia, Canada and New Zealand Issue Advisory on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.
Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure,…
Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure (i.e., Dealing with the Fallout from Russia’s Invasion of Ukraine)
The Cybersecurity & Infrastructure Security Agency (“CISA”) has just released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors (i.e., Russia) may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical functions and services across multiple sectors. …
Cybersecurity 2022 – The Year in Preview: Continued Threats to Nation’s Energy Supply as Regulators Race to Keep Up
Continued Threats of Ransomware Attacks
As we reported in our 2021 Year in Preview series, we began 2021 anticipating that ransomware would be a serious threat to critical energy infrastructure. These concerns were realized in May 2021 when the Colonial Pipeline Company’s (“Colonial”) entire 5,500-mile pipeline system carrying liquid fuels was shut down due to a ransomware attack by DarkSide, a hacking group that allegedly has loose ties to the Russian government.…
CISA on Russia, Ukraine and Ransomware
According to the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), the potential hostilities between Russia and Ukraine are likely to spill over into cyber warfare. In this month’s CISA Insights:
Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies,…
Biden Administration Focus on Cybercrime Continues with Israeli Companies Added to Entity List, New Export Controls, and Cryptocurrency Sanctions
On November 3, 2021, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) added two Israeli entities to the Entity List due to malicious cyber activities. In its press release, BIS stated that the designation of Israeli companies NSO Group and Candiru was based on evidence that these entities developed and supplied spyware to foreign governments, which was then used for malicious surveillance,…
Colonial Pipeline Cyberattack Highlights Vulnerability of Nation’s Energy Sector
This post is a follow-up from our recent discussion of the cyberattack that took the 5,500-mile Colonial Pipeline offline last week and the growing threat ransomware poses to our nation’s energy system. On May 10, 2021, a group called DarkSide took responsibility for the ransomware and the FBI has since confirmed the group’s involvement. DarkSide indicated that the attack was financially, not politically, motivated. DarkSide,…