www.cisa.gov Open in urlscan Pro
2a02:26f0:3500:891::447a  Public Scan

Form analysis
2 forms found in the DOM

GET https://search.us-cert.gov/search

<form accept-charset="UTF-8" action="https://search.us-cert.gov/search" class="hidden-xs searchbox" method="get"><input name="utf8" type="hidden" value="✓"><input id="affiliate-desktop" name="affiliate" type="hidden" value="cisa">
  <div class="form-group"><label class="sr-only" for="query-desktop">Enter Search Terms(s):</label>
    <div class="input-group"><input autocomplete="off" class="form-control form-control-custom input-lg" id="query-desktop" name="query" placeholder="Search" type="text">
      <div class="input-group-addon input-group-addon-custom"><button class="submit input-lg"><img alt="search icon" src="/sites/default/files/cisa/search-icon.png" title="search icon"></button></div>
    </div>
  </div>
</form>

GET https://search.us-cert.gov/search

<form accept-charset="UTF-8" action="https://search.us-cert.gov/search" class="hidden-lg hidden-md searchbox" method="get"><input name="utf8" type="hidden" value="✓"><input id="affiliate-mobile" name="affiliate" type="hidden" value="cisa">
  <div class="form-group"><label class="sr-only" for="query-mobile">Enter Search Terms(s):</label>
    <div class="input-group"><input autocomplete="off" class="form-control form-control-custom input-lg" id="query-mobile" name="query" placeholder="Search" type="text">
      <div class="input-group-addon input-group-addon-custom"><button class="submit input-lg"><img alt="search icon" src="/sites/default/files/cisa/search-icon.png" title="search icon"></button></div>
    </div>
  </div>
</form>

Text Content

Skip to main content

An official website of the United States government

Here's how you know
 * REPORT(link sends email)
 * SUBSCRIBE
 * CONTACT
 * SITE MAP

Official websites use .gov
A .gov website belongs to an official government organization in the United
States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share
sensitive information only on official, secure websites.
Enter Search Terms(s):




--------------------------------------------------------------------------------


Toggle navigation
Enter Search Terms(s):



CISA NAVIGATION

 * 
 * 
 * 
 * 
 * 
 * 

--------------------------------------------------------------------------------

TLP:WHITE
TLP:WHITE


CISA, FBI, NSA, AND INTERNATIONAL PARTNERS ISSUE ADVISORY ON DEMONSTRATED
THREATS AND CAPABILITIES OF RUSSIAN STATE-SPONSORED AND CYBER CRIMINAL ACTORS

Original release date: April 20, 2022

--------------------------------------------------------------------------------

Advisory provides a comprehensive overview of Russian state-sponsored and cyber
criminal threats to Critical Infrastructure along with recommended mitigation
guidance for all organizations

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), along
with the Federal Bureau of Investigation (FBI), National Security Agency (NSA),
Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security(link
is external) (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and
the United Kingdom’s National Cyber Security Centre (NCSC-UK) and National Crime
Agency (NCA), with contributions from industry members of the Joint Cyber
Defense Collaborative, issued a joint Cybersecurity Advisory on Russian
state-sponsored and criminal cyber threats to critical infrastructure that could
impact organizations both within and beyond Ukraine.  

It is the most comprehensive view of the cyber threat posed by Russia to
critical infrastructure released by government cyber experts since the invasion
of Ukraine in February.  

The advisory provides technical details on malicious cyber operations by actors
from the Russian Federal Security Service (FSB), Russian Foreign Intelligence
Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), and
Russian Ministry of Defense, Central Scientific Institute of Chemistry and
Mechanics (TsNIIKhM). It also includes details on Russian-aligned cyber threat
groups and cybercrime groups. Some of these cybercrime groups have recently
publicly pledged support for the Russian government and have threatened to
conduct cyber operations in retaliation for perceived cyber offensives against
Russia or against countries or organizations providing materiel support to
Ukraine. 

 The advisory recommends several immediate actions for all organizations to take
to protect their networks, which include:  

 * Prioritize patching of known exploited vulnerabilities; 
 * Enforce multifactor authentication; 
 * Monitor remote desktop protocol (RDP); and 
 * Provide end-user awareness and training 

  “We know that malicious cyber activity is part of the Russian playbook. We
also know that the Russian government is exploring options for potential
cyberattacks against U.S. critical infrastructure. Today’s cybersecurity
advisory released jointly by CISA and our interagency and international partners
reinforces the demonstrated threat and capability of Russian state-sponsored and
Russian aligned cyber-criminal groups to our Homeland,” said CISA Director Jen
Easterly. “We urge all organizations to review the guidance in this advisory as
well as visit www.cisa.gov/shields-up for continually updated information on how
to protect yourself and your business.”  

"The FBI is focused on exposing and disrupting malicious cyber activity by
Russia against our allies and our own networks," said Bryan Vorndran, FBI Cyber
Division Assistant Director. "We are working alongside our federal and
international partners to quickly share information that helps private industry
as well as the public to better protect and defend their systems from these
threats. We will continue to investigate these malicious threat actors through
our unique authorities and hold them accountable for their actions. We urge our
partners and the public to report any suspicious activity to www.ic3.gov.” 

 “Threats to critical infrastructure remain very real," said Rob Joyce, NSA
Cybersecurity Director. "The Russia situation means you must invest and take
action.” 

 “Recent intelligence and historic instances of destructive cyber attacks
indicate now is the time for organisations to improve their cyber security
posture,” said Abigail Bradshaw, Head, Australian Cyber Security Centre. “In
particular, critical infrastructure organisations should act now to raise
defences, not wait until being attacked. The ACSC stands ready to support its
critical infrastructure partners in responding to the threats we face - by
raising their awareness of the threat, sharing indicators of compromise, and
providing technical mitigation advice.” 

 “Russia has significant cyber capabilities and a demonstrated history of using
them irresponsibly, and state-sponsored malicious cyber activity is a real risk
to organizations around the world,” said Sami Khoury, Head, Canadian Centre for
Cyber Security. “By joining alongside our partners in releasing today’s joint
advisory, the Communications Security Establishment and its Canadian Centre for
Cyber Security continue to support making threat information more publicly
available, while providing specific advice and guidance to help protect against
these kinds of risks.” 

“We are currently seeing an increased potential for cyber-attacks on critical
infrastructures which may have a serious impact, even for countries and
organisations not directly targeted,” said Lisa Fong, Director of New Zealand’s
National Cyber Security Centre. “Organisations should take the opportunity to
consider their security posture, understand their critical systems and risks –
including across their supply chain – and exercise readiness. This joint
advisory with our partners provides organisations with important information
which will help them to build their cyber resilience by identifying and
mitigating risks they face.” 

“In this period of heightened cyber threat, it has never been more important to
plan and invest in longer-lasting security measures,” said Lindy Cameron, NCSC
CEO. “It is vital that all organisations accelerate plans to raise their overall
cyber resilience, particularly those defending our most critical assets. The
NCSC continues to collaborate with our international and law enforcement
partners to provide organisations with timely actionable advice to give them the
best chance of preventing cyber-attacks, wherever they come from.” 

“Cyber attacks have evolved and increased in scale and severity over recent
years, with the criminal groups behind them targeting the critical
infrastructure of countries around the world,” said Rob Jones, NCA Director
General for Cyber. “The NCA leads the UK law enforcement response to this
threat, working with a range of international partners to investigate cyber
criminals and disrupt the services they rely on. It is vital that organisations
help bolster this response by enhancing cyber resilience and reporting any
incidents of cyber crime to the authorities, to allow timely mitigation of
further attacks.” 

Because evolving intelligence indicates that the Russian government is exploring
options for potential cyberattacks, the cybersecurity authorities are providing
this robust advisory with several resources and mitigations that can help the
cybersecurity community protect against possible cyber threats from these
adversarial groups. Executives, leaders, and network defenders are urged to
implement recommendations to prepare for and mitigate the varied cyber threats
listed in the Cybersecurity Advisory here.  

All organizations should share information about incidents and unusual cyber
activity with their respective cybersecurity authorities. When cyber incidents
are reported quickly, it can contribute to stopping further attacks. In the
U.S., organizations should inform CISA’s 24/7 Operations Center at
report@cisa.gov(link sends email) or (888) 282-0870, or an FBI field office.  

About CISA: 

As the nation’s cyber defense agency, the Cybersecurity and Infrastructure
Security Agency (CISA) leads the national effort to understand, manage, and
reduce risk to the digital and physical infrastructure Americans rely on every
hour of every day. Visit CISA.gov for more information, or visit
www.CISA.gov/shields-up for information on how to protect your networks. 
 
Visit CISA on Twitter(link is external), Facebook(link is external),
LinkedIn(link is external), Instagram(link is external) 

Last Published Date: April 20, 2022
Cybersecurity & Infrastructure Security Agency
CONTACT SUBSCRIBE
        
REPORT(link sends email)
 

Need CISA’s help but don’t know where to start? Contact CISA Central(link sends
email)

 
Accountability   Privacy Policy   FOIA   No Fear Act   Accessibility   Plain
Writing   Plug-ins   Inspector General   DHS   The White House   USA.gov