Three federal agencies issued a joint alert this week about Russian state-sponsored cyber operations and threats to U.S. critical infrastructure.
The Cybersecurity Advisory, authored by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, outlined Russian threat actors’ commonly observed tactics, techniques and procedures, and offered detection actions, incident response guidance and suggested mitigations.
The agencies noted that state-sponsored Russian actors have targeted a variety of critical infrastructure entities, including healthcare organizations.
“CISA, the FBI and NSA encourage the cybersecurity community – especially critical infrastructure network defenders – to adopt a heightened state of awareness and to conduct proactive threat hunting,” read the advisory.
WHY IT MATTERS
The alert comes amid diplomatic rumblings about Russia and Ukraine from the U.S. government.
On Friday, White House press secretary Jen Psaki said that the United States had concerns about Russia “laying the groundwork” for invading the neighboring country.
Russia denied the plans, reported Reuters, but said it could take action if its demands aren’t met – including that Ukraine be blocked from joining the NATO military alliance.
Meanwhile, a cyberattack hit Ukrainian government websites Friday morning. Although most officials declined to identify the culprits, at least one of the country’s agencies pointed the finger at Russia.
About 70 government websites were targeted, with some displaying a message in Ukrainian, Russian and Polish saying that visitors’ data had been leaked.
“All information about you has become public, be afraid and expect the worst,” the message said, as reported by the Washington Post.
Ukrainian officials said that residents’ data was safe.
In response to the attack, NATO said it and Ukraine would sign an agreement on enhanced cyber cooperation, which would include Ukrainian access to NATO’s malware information sharing platform.
“NATO’s strong political and practical support for Ukraine will continue,” said NATO Secretary General Jens Stoltenberg in a statement.
Also this week, Russia announced that it had arrested more than two dozen alleged members of the REvil ransomware gang on behalf of the United States.
However, experts said the move may have been intended to suggest such cooperation was conditional.
“The timing here is not an accident,” said Dmitri Alperovitch, chairman of the Silverado Policy Accelerator think tank, in an interview with the Post.
REvil is said to be behind several high-profile attacks, including one on the University Medical Center Southern Nevada in summer 2021 that affected the data of 1,300,000 people.
THE LARGER TREND
This isn’t the first time federal officials have sounded the alarm about Russian state hackers.
In April 2021, for example, the FBI, CISA and Department of Homeland Security warned about the potential threat posed by such actors, although White House officials said in November 2021 that Russia-linked attacks had decreased.
Of course, it’s not just Russia. Errol Weiss, chief security officer at H-ISAC, told Healthcare IT News this past year that “there are only a few dozen countries that don’t have a decent cyber-offensive capability.”
ON THE RECORD
“CISA, the FBI and NSA strongly urge network defenders to implement the recommendations … detailed in the mitigations section,” said the agencies in the alert. “These mitigations will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation.”