The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine.
“Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks,” authorities from Australia, Canada, New Zealand, the U.K., and the U.S. said.
“Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners.”
The advisory follows another alert from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.
Over the past two months, since the invasion commenced, Ukraine has been subjected to a blitzkrieg of targeted campaigns ranging from distributed denial-of-service (DDoS) attacks to the deployment of destructive malware aimed at governmental and infrastructure entities.
Wednesday’s alert noted that Russian state-sponsored cyber actors have the ability to compromise IT networks, maintain long-term persistence, steal sensitive data while remaining hidden, and disrupt and sabotage industrial control systems.
Also joining the mix are cybercriminal groups like Conti (aka Wizard Spider), which publicly pledged support for the Russian government. Other Russian-aligned cybercrime syndicates include The CoomingProject, Killnet, Mummy Spider (the operators of Emotet), Salty Spider, Scully Spider, Smoky Spider, and the XakNet Team.
“The message should be loud and clear, Russian nexus-state actors are on the prowl, cyberspace has become a messy, hot war-zone, and everyone should be prepared for an attack from any direction,” Chris Grove, director of the cybersecurity strategy at Nozomi Networks, said in a statement shared with The Hacker News. Read more: https://bit.ly/3MifFX1
You can also read this: Security Teams Prep Too Slowly for Cyberattacks