The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and FBI are warning critical infrastructure owners and operators of Russian threats to domestic critical infrastructure.
The three agencies released a joint cybersecurity advisory (CSA) today describing the threat and issuing advice and mitigation measures for potential activity by Russian state actors.
“CISA, the FBI, and NSA encourage the cybersecurity community – especially critical infrastructure network defenders – to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint CSA,” the announcement says.
The advisory lists known vulnerabilities that have historically been exploited by Russian state actors and warns that, in addition to common tactics like brute force and spearphishing, state-sponsored advanced persistent threat actors have also utilized “sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware.”
Additionally, the agencies warn of capabilities similar to those seen in the SolarWinds Orion attack, noting, “actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments – including cloud environments – by using legitimate credentials.”
The agencies warned organizations and critical infrastructure operators to be prepared, enhance their organization’s cyber posture, and increase organizational vigilance. To detect such threat actors, the agencies advise organizations to “implement robust log collection and retention” and to “look for behavioral evidence or network-based artifacts.”
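As an added illustration of the advisory's detection advice (example code written for this page, not published by CISA, NSA or the FBI), the script below scans sshd-style authentication log lines for the brute-force pattern the advisory names and for the follow-on signal defenders care most about: a successful login from a source that has just failed repeatedly, which is how valid credentials obtained by guessing show up in logs. The log lines are constructed sample data, the function name `analyze_auth_log` and the threshold of five failures are choices made for this example, and the IP addresses are documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines for this example (not real traffic).
# 203.0.113.7 fails six times across several accounts, then succeeds;
# 198.51.100.5 is a normal key-based login with no prior failures.
SAMPLE_LOG = """\
Jan 11 08:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2
Jan 11 08:00:02 host sshd[1002]: Failed password for root from 203.0.113.7 port 50212 ssh2
Jan 11 08:00:03 host sshd[1003]: Failed password for invalid user oracle from 203.0.113.7 port 50213 ssh2
Jan 11 08:00:04 host sshd[1004]: Failed password for root from 203.0.113.7 port 50214 ssh2
Jan 11 08:00:05 host sshd[1005]: Failed password for invalid user admin from 203.0.113.7 port 50215 ssh2
Jan 11 08:00:06 host sshd[1006]: Failed password for svc_backup from 203.0.113.7 port 50216 ssh2
Jan 11 08:00:09 host sshd[1007]: Accepted password for svc_backup from 203.0.113.7 port 50219 ssh2
Jan 11 08:01:00 host sshd[1008]: Accepted publickey for alice from 198.51.100.5 port 41000 ssh2
"""

# "invalid user" appears for accounts that do not exist; capture the name either way.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (\S+) from (\d+\.\d+\.\d+\.\d+)")


def analyze_auth_log(lines, threshold=5):
    """Return a list of findings derived from sshd auth lines.

    Two finding kinds are produced (names chosen for this example):
      ("success_after_bruteforce", ip, user, prior_failures)
          a login succeeded from a source that had already failed
          at least `threshold` times; this is the high-priority alert.
      ("bruteforce_source", ip, failures, distinct_users_tried)
          a source exceeded the failure threshold, regardless of outcome.
    Lines are processed in order, so the success check only counts
    failures that occurred before the accepted login.
    """
    failures = defaultdict(int)       # source ip -> failed attempts
    tried_users = defaultdict(set)    # source ip -> account names attempted
    findings = []

    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            tried_users[ip].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            user, ip = m.groups()
            prior = failures.get(ip, 0)
            if prior >= threshold:
                findings.append(("success_after_bruteforce", ip, user, prior))

    for ip, count in failures.items():
        if count >= threshold:
            findings.append(("bruteforce_source", ip, count, len(tried_users[ip])))
    return findings


def run_sample():
    """Analyze the constructed sample log; used by the demo and the test."""
    return analyze_auth_log(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

The same pass over a real retained log is only possible if the logs exist in the first place, which is the point of the advisory's "robust log collection and retention" guidance: the `success_after_bruteforce` signal depends on seeing the failed attempts that preceded the accepted login, so logs rotated away before analysis silently turn a credential-guessing success into a normal-looking login.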