The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency Tuesday advised cybersecurity professionals to be on alert for attacks from Russian state-sponsored hackers.
The DHS warning, issued alongside the National Security Agency and the Federal Bureau of Investigation, singled out critical infrastructure as being especially at risk. Russian state-sponsored hackers have in the past been able to gain access to energy networks in the U.S. and abroad. Most notably, in 2015 and 2016, suspected Russian hackers launched cyberattacks against Ukrainian power sources, leading to severe outages.
The advisory coincides with ongoing tension between the United States and Russia over Russia’s military buildup in Ukraine. The White House warned that the U.S. will take action if Russian troops enter the country. (The Kremlin has denied any plans to attack Ukraine.)
Russian hackers previously went after state and local governments and aviation networks in early 2020, compromising networks and stealing data from victims.
The advisory lists 14 known vulnerabilities exploited by suspected Russian hacking groups in the past. The agencies warn that threat actors rely on “common but effective tactics—including spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks.”
“Logging is key!” NSA cybersecurity director Rob Joyce tweeted. “With Russian focus on persistent access to compromised networks, you need robust logs and focused effort to hunt, find, and kick them out.”