The Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint cybersecurity advisory on Oct. 22 to warn operators of state, local, territorial, and tribal (SLTT) government networks that they may be targeted by Russian state-sponsored advanced persistent threat (APT) actors.
“The Russian-sponsored APT actor is obtaining user and administrator credentials to establish initial access, enable lateral movement once inside the network, and locate high value assets in order to exfiltrate data,” the advisory says.
According to the advisory, the state-sponsored APT has been active since at least September and has targeted “dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of Oct. 1, 2020, exfiltrated data from at least two victim servers.”
FBI and CISA said they have no information indicating that the threat actor has intentionally disrupted any aviation, education, elections, or other SLTT government networks. The two Federal agencies said in the advisory that they will continue to monitor the cyber activity and its proximity to elections infrastructure, given the heightened awareness surrounding the elections.
“As this recent malicious activity has been directed at SLTT government networks, there may be some risk to elections information housed on SLTT government networks,” the advisory says. “However, the FBI and CISA have no evidence to date that integrity of elections data has been compromised.”