Sunday, 23 Jun 2024

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom issued this joint Cybersecurity Advisory to warn organizations about the increased cyber threats posed by Russian state-sponsored and criminal actors. The advisory is framed by Russia’s invasion of Ukraine: the authoring agencies assess that the resulting tensions, and the economic sanctions imposed in response, could lead to increased malicious cyber activity against critical infrastructure inside and outside Ukraine.

Russian State-Sponsored Cyber Operations

Russian state-sponsored cyber actors have demonstrated the capability to compromise IT networks, maintain long-term persistent access, exfiltrate sensitive data, and disrupt industrial control systems (ICS) and operational technology. Recent operations have included distributed denial-of-service (DDoS) attacks and destructive malware against Ukrainian organizations. Notable Russian state-sponsored APT (Advanced Persistent Threat) groups include:

  • Russian Federal Security Service (FSB), including FSB’s Center 16 and Center 18: FSB cyber operations have targeted the energy sector, aviation organizations, government and military personnel, private organizations, cybersecurity companies, and journalists. The FSB has also been known to task criminal hackers for espionage-focused activity.
  • BERSERK BEAR: the industry name for activity attributed to FSB’s Center 16 (also tracked as Crouching Yeti, Dragonfly, and Energetic Bear). This group has historically targeted Western European and North American entities, including government organizations, energy and transportation systems, and defense industrial base organizations, typically to gain and maintain access to those networks.

Russian Foreign Intelligence Service

The Russian Foreign Intelligence Service (SVR) has operated an APT group, tracked as APT29 or COZY BEAR, since at least 2008, targeting multiple critical infrastructure organizations. Its actors use sophisticated techniques, including custom malware and lateral movement via “credential hopping,” moving between accounts and credentials to avoid detection. The SVR was responsible for the 2020 SolarWinds Orion supply chain compromise, in which a trojanized software update delivered a backdoor to Orion customers.

Russian General Staff Main Intelligence Directorate (GRU)

The GRU, particularly the 85th Main Special Service Center (GTsSS, Unit 26165, tracked as APT28 or FANCY BEAR) and the Main Center for Special Technologies (GTsST, Unit 74455, tracked as Sandworm), has conducted both cyber espionage and destructive operations. GTsSS has targeted government organizations, travel and hospitality entities, research institutions, and non-governmental organizations. GTsST is responsible for destructive operations including the 2015 and 2016 attacks on Ukraine’s power grid and the 2017 NotPetya wiper.

Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM)

TsNIIKhM, a research organization under Russia’s Ministry of Defense, has developed destructive ICS malware. It is associated with the Triton (also known as HatMan or TRISIS) malware, which targets safety instrumented systems (SIS), the controllers that shut a plant down safely when a process leaves its safe operating range. Triton was deployed in 2017 against a petrochemical facility, where it caused the safety controllers to fail into a shutdown state.

Russian-Aligned Cyber Threat Groups

In addition to state-sponsored APT groups, there are Russian-aligned cyber threat groups that may not be directly attributed to the Russian government but pose a significant threat. Some of these groups include PRIMITIVE BEAR and VENOMOUS BEAR.

Russian-Aligned Cybercrime Groups

Cybercrime groups with Russian alignment threaten critical infrastructure organizations through ransomware deployment, DDoS attacks, and the sale or use of initial access. Notable groups named in the advisory include The CoomingProject, Killnet, MUMMY SPIDER, SALTY SPIDER, SCULLY SPIDER, SMOKEY SPIDER, WIZARD SPIDER, and The XakNet Team. Most are financially motivated, and several have publicly pledged support for the Russian government and threatened to retaliate against countries that oppose it.

Protecting Against Cyber Threats

Critical infrastructure organizations should implement several measures to protect against Russian state-sponsored and criminal cyber threats. These measures include:

  • Patching all systems, prioritizing known exploited vulnerabilities.
  • Enforcing multifactor authentication for accounts.
  • Securing and monitoring Remote Desktop Protocol (RDP) and other risky services.
  • Providing end-user awareness and training to prevent successful social engineering and spearphishing campaigns.

Organizations should also have cyber incident response and continuity of operations plans in place and exercise them. Offline backups that have been tested for restoration, rigorous configuration management, and strong spam filters are further protective measures. Organizations should report incidents to the appropriate cyber and law enforcement authorities.
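The advice to “secure and monitor” RDP is easier to act on with a concrete detection. The following Python script is an added example, not part of the advisory: it reads Windows Security log events (4625 failed logon, 4624 successful logon) in an assumed pipe-separated export format, keeps a sliding window of failures per source IP, and raises three kinds of alert: a brute-force burst against one or more accounts, a password spray across many accounts, and a successful RDP logon from an address that had just generated a burst of failures. The log lines, thresholds, and export format are constructed for the example.

```python
"""Detect RDP brute-force / password-spray activity and a success that
follows a burst of failures.  Added example; not code from the advisory.
Input format is an assumption: one event per line, fields separated by
'|', as a SIEM forwarder might emit them.  Log lines are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp | EventID | LogonType | account | source IP
SAMPLE_LOG = """\
2024-06-23T01:00:02Z|4625|10|administrator|203.0.113.7
2024-06-23T01:00:04Z|4625|10|administrator|203.0.113.7
2024-06-23T01:00:06Z|4625|10|admin|203.0.113.7
2024-06-23T01:00:08Z|4625|10|backup|203.0.113.7
2024-06-23T01:00:10Z|4625|10|svc_sql|203.0.113.7
2024-06-23T01:00:12Z|4625|10|jsmith|203.0.113.7
2024-06-23T01:00:15Z|4624|10|jsmith|203.0.113.7
2024-06-23T01:05:00Z|4625|10|jsmith|198.51.100.20
2024-06-23T01:05:30Z|4624|10|jsmith|198.51.100.20
2024-06-23T02:00:00Z|4624|2|jsmith|127.0.0.1
"""

FAIL_THRESHOLD = 5            # failures from one IP inside WINDOW (assumed)
SPRAY_ACCOUNTS = 4            # distinct accounts tried from one IP (assumed)
WINDOW = timedelta(minutes=10)
RDP_LOGON_TYPE = "10"         # LogonType 10 = RemoteInteractive (RDP)


def parse_events(text):
    """Parse the pipe-separated export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, ip = line.split("|")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": event_id,
            "logon_type": logon_type,
            "account": account,
            "ip": ip,
        })
    return events


def detect_rdp_abuse(events):
    """Return a list of (alert_type, source_ip, detail) tuples.

    Only RDP logons are considered.  Failures are kept in a sliding window
    per source IP; a 4624 is flagged when the same IP accumulated at least
    FAIL_THRESHOLD failures inside the preceding WINDOW.
    """
    alerts = []
    failures = defaultdict(list)   # ip -> [(ts, account), ...] inside window
    seen = set()                   # one alert per (type, ip)

    def raise_alert(kind, ip, detail):
        if (kind, ip) not in seen:
            seen.add((kind, ip))
            alerts.append((kind, ip, detail))

    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        ip = ev["ip"]
        # Expire failures that fell out of the window before this event.
        failures[ip] = [(t, a) for t, a in failures[ip] if ev["ts"] - t <= WINDOW]
        if ev["event_id"] == "4625":
            failures[ip].append((ev["ts"], ev["account"]))
            accounts = {a for _, a in failures[ip]}
            if len(failures[ip]) >= FAIL_THRESHOLD:
                raise_alert("brute_force", ip,
                            f"{len(failures[ip])} failures in {WINDOW}")
            if len(accounts) >= SPRAY_ACCOUNTS:
                raise_alert("password_spray", ip,
                            f"{len(accounts)} accounts tried")
        elif ev["event_id"] == "4624" and len(failures[ip]) >= FAIL_THRESHOLD:
            # Success right after a burst of failures: treat as a likely
            # compromise, not a user who finally remembered the password.
            raise_alert("success_after_failures", ip,
                        f"{ev['account']} logged in after {len(failures[ip])} failures")
    return alerts


if __name__ == "__main__":
    for kind, ip, detail in detect_rdp_abuse(parse_events(SAMPLE_LOG)):
        print(f"{kind:24s} {ip:16s} {detail}")
```

On the constructed sample, 203.0.113.7 trips all three alerts (brute force, spray across five accounts, then a successful logon as jsmith), while the single failure followed by success from 198.51.100.20 is left alone. One caveat for production use: when Network Level Authentication is enabled, failed RDP attempts are often recorded with LogonType 3 rather than 10, so the filter on LogonType should be widened to match what your hosts actually emit, and the IP allowlist for legitimate jump hosts should be applied before thresholds.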

Frequently Asked Questions

Q: What are Russian state-sponsored cyber operations?
A: Russian state-sponsored cyber operations refer to cyber activities conducted by Russian government entities with the goal of compromising IT networks, maintaining persistent access, and carrying out espionage, disruption, or destruction of critical infrastructure.

Q: What are some notable Russian state-sponsored APT groups?
A: BERSERK BEAR, associated with FSB’s Center 16, has historically targeted entities in Western Europe and North America. SVR, the Russian Foreign Intelligence Service, has an APT group known as APT29 or COZY BEAR. The GRU’s 85th Main Special Service Center (GTsSS) and Main Center for Special Technologies (GTsST) are also involved in state-sponsored cyber operations.

Q: How can organizations protect against Russian cyber threats?
A: Organizations can protect against Russian cyber threats by patching systems, enforcing multifactor authentication, securing and monitoring risky services, and providing end-user awareness and training. It is crucial to have cyber incident response plans, offline backups, rigorous configuration management, and strong spam filters in place.

Q: What should organizations do if they detect suspicious activity or a cyber incident?
A: Organizations should immediately isolate affected systems, ensure backups are offline and secure, collect and review relevant logs, data, and artifacts, consider engaging a third-party incident response provider, and report the incident to the appropriate cyber and law enforcement authorities. The authoring agencies do not encourage paying ransoms: payment does not guarantee recovery of data and may encourage further attacks.

The joint Cybersecurity Advisory warns organizations about the increased cyber threats posed by Russian state-sponsored and criminal actors. These threats have escalated due to Russia’s invasion of Ukraine. By implementing protective measures and following incident response protocols, organizations can mitigate the risk posed by these cyber threats and safeguard their critical infrastructure. Stay vigilant, update defenses regularly, and report any suspicious activity to the appropriate authorities.

Disclaimer: The information provided in this article is for informational purposes only. Eireview does not endorse any specific commercial products or services mentioned in this article.