CISA, FBI, and NSA issue cybersecurity advisory on Russian cyber threats to U.S. critical infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released a joint Cybersecurity Advisory (CSA), Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. The CSA provides an overview of Russian state-sponsored cyber operations; commonly observed tactics, techniques, and procedures (TTPs); detection actions; incident response guidance; and mitigations. This advisory is being released as part of our continuing cybersecurity mission with our interagency partners to warn organizations of potential cyber threats.
CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting. Additionally, we strongly urge network defenders to implement the CSA’s recommendations and mitigations, which will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation.
The CSA, which uses the MITRE ATT&CK® for Enterprise framework, version 10, provides technical details, including previously identified vulnerabilities known to be exploited by Russian state-sponsored APT actors for initial access. The three agencies strongly urge critical infrastructure leaders to take a few immediate actions, including:
For the complete list of immediate actions that include actions for improving functional resilience and incident response resources, executives and IT professionals should review this CSA in its entirety at https://www.cisa.gov/uscert/ncas/alerts/aa22-010a. Further, critical infrastructure organization leaders should review CISA Insights: Preparing for and Mitigating Cyber Threats for information on reducing cyber threats to their organization.
CISA encourages critical infrastructure executives and senior leaders to review the CISA Insights for guidance on proactively preparing their organizations for an incident. In addition, CISA encourages critical infrastructure organizations to take a closer look at themselves, their facilities, and their operations from the outside in. Knowing how you may be exposed or targeted will help you to be better prepared (to act, collaborate, and report).