Five Eyes Advisory Flags Russian-Backed Critical Infrastructure Attacks


By Staff Writer.

The Five Eyes countries have joined forces to warn of likely Russian state-sponsored and criminal cyber-threats to critical infrastructure in the wake of the Ukraine invasion. State cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom delivered the strongly worded warning on Thursday.

The joint advisory says evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks. It adds that some cybercrime groups have also pledged support for the Russian government.

These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people.

“Since the start of the war, critical infrastructure globally has been on high alert to cyber-attacks,” says Poppy Gustafsson, CEO of UK cyber-defence company Darktrace. “We can say with a degree of confidence that the Russian state and state-affiliated actors have novel and destructive cyber-attacks in their arsenal, and it is only a matter of time before these are deployed.”

The advisory strongly encourages critical infrastructure network defenders to prepare and be alert for potential cyber-threats that run the gamut from destructive malware to ransomware, DDoS attacks, and cyber espionage.

“Following the attack on Ukraine, there is a heightened cyber threat environment globally, and the risk of cyber-attacks on Australian networks, either directly or inadvertently, has increased,” says the Australian Cyber Security Centre. “It is critical that Australian organisations are alert to these threats and take steps to adopt an enhanced cybersecurity posture and increase monitoring for threats.”

The Five Eyes advisory confirms Russia’s Federal Security Service (FSB), Foreign Intelligence Service (SVR), Intelligence Directorate (GRU), Center for Special Technologies (GTsST), and Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM) have previously conducted malicious cyber operations and maintain the capabilities to launch further cyber-attacks.

Also registering on the Five Eyes radar are Russian state-sponsored threat groups Primitive Bear, which has targeted Ukrainian infrastructure since 2013, and Venomous Bear, which has historically targeted NATO countries, defence contractors, and other organisations of intelligence value.

“Russia has previously displayed its ability to get into the heart of critical systems and launch attacks in cyber-space that have real-world impacts – such as the attack on Ukraine’s energy grid in 2015,” says Gustafsson. “The warning from the Five Eyes represents another global effort to combat disinformation and serves as another reminder of the urgency with which defenders must act to ensure their digital assets are protected.”

US, Australian, Canadian, New Zealand, and UK cyber authorities also say private Russian-aligned cybercrime groups remain a pernicious threat. The Five Eyes countries flag the CoomingProject, Killnet, Mummy Spider, Salty Spider, Scully Spider, Smokey Spider, Wizard Spider, and the Xaknet Team, groups that frequently focus on DDoS attacks, as particular threats.

“Cybercrime groups are typically financially motivated cyber actors that seek to exploit human or security vulnerabilities to enable direct theft of money or by extorting money from victims,” the advisory reads. “These groups pose consistent threats to critical infrastructure organisations globally.”

Thursday’s advisory urges critical infrastructure organisations to prepare for and mitigate potential cyber threats by updating software, enforcing multi-factor authentication, securing and monitoring remote desktop protocols and other potentially risky services, and providing end-user awareness and training.
