Russian Cyber Attacks Against Critical Infrastructure

The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine.

"Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia, Canada, New Zealand, the U.K., and the U.S. said.

"Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners."


The advisory follows another alert from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.

Over the past two months since the invasion commenced, Ukraine has been subjected to a blitzkrieg of targeted campaigns ranging from distributed denial-of-service (DDoS) attacks to the deployment of destructive malware aimed at governmental and infrastructure entities.

Wednesday's alert noted that Russian state-sponsored cyber actors have the ability to compromise IT networks, maintain long-term persistence, steal sensitive data while remaining hidden, and disrupt and sabotage industrial control systems.

Also joining the mix are cybercriminal groups like Conti (aka Wizard Spider), which publicly pledged support for the Russian government. Other Russian-aligned cybercrime syndicates include The CoomingProject, Killnet, Mummy Spider (the operators of Emotet), Salty Spider, Scully Spider, Smoky Spider, and the XakNet Team.

"The message should be loud and clear, Russian nexus-state actors are on the prowl, cyberspace has become a messy, hot war-zone, and everyone should be prepared for an attack from any direction," Chris Grove, director of cybersecurity strategy at Nozomi Networks, said in a statement shared with The Hacker News.

The disclosure comes as the Federal Bureau of Investigation (FBI) notified of increased ransomware attacks likely targeting food and agriculture sectors companies during planting and harvest seasons.

"Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production," the agency stated. "Initial intrusion vectors included known but unpatched common vulnerabilities and exploits, as well as secondary infections from the exploitation of shared network resources or compromise of managed services."

In a separate move, the U.S. Treasury Department moved to sanction Russian cryptocurrency mining company Bitriver for helping the country evade sanctions, marking the first time a virtual coin mining firm has come under an economic blocklist. Russia is the world's third-largest country for bitcoin mining.

"By operating vast server farms that sell virtual currency mining capacity internationally, these companies help Russia monetize its natural resources," the Treasury said. "However, mining companies rely on imported computer equipment and fiat payments, which makes them vulnerable to sanctions."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.