The Five Eyes countries have issued a cybersecurity advisory warning of an increase in malicious attacks by Russian state-sponsored and criminal groups against critical infrastructure organizations amid the ongoing military siege of Ukraine.
“Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks,” said authorities from Australia, Canada, New Zealand, the UK and the US.
“Russia’s invasion of Ukraine could cause organizations inside and outside the region to increase their malicious cyber activity. This operation may occur as a response to the unprecedented economic costs of Russia as well as the material support of the United States and its allies and partners.”
The advisory follows another alert from the US government warning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.
In the two months since the invasion began, Ukraine has suffered a series of targeted campaigns, ranging from distributed denial-of-service (DDoS) attacks to destructive malware deployments, targeting government agencies and infrastructure.
Wednesday’s warning notes that Russian state-sponsored cyber actors have the ability to compromise IT networks, maintain long-term access to them, steal sensitive data while remaining hidden, and disrupt and sabotage industrial control systems.
Also joining the mix are cybercriminal groups like Conti (aka the Witch Spiders), which have publicly pledged to support the Russian government. Other Russian-linked cybercrime organizations include The CoomingProject, Killnet, Mummy Spider (the people who run Emotet), Salty Spider, Scully Spider, Smoky Spider, and the XakNet Team.
“The message has to be loud and clear, Russian coalition state actors are lurking, cyberspace has become a chaotic, hot war zone, and everyone should be prepared for an attack from any direction,” Chris Grove, director of cybersecurity strategy at Nozomi Networks, said in a statement shared with The Hacker News.
The disclosure comes as the Federal Bureau of Investigation (FBI) noted an increase in ransomware attacks likely to target companies in the agricultural and food sectors during the growing and harvesting seasons.
“Network actors may view cooperatives as lucrative targets with a willingness to pay due to their time-sensitive role in agricultural production,” the agency stated. “Primary intrusion vectors include known but unpatched generic vulnerabilities and exploits, as well as secondary infections from the exploitation of shared network resources or the compromise of managed services. physical.”
In a separate move, the US Treasury Department sanctioned Russian crypto miner Bitriver for helping the country evade sanctions, marking the first time a crypto miner has been placed on the sanctions list. Russia is the world’s third largest country in terms of bitcoin mining.
“By operating vast server farms selling virtual currency mining capacity internationally, these companies help Russia monetize its natural resources,” the Treasury Department said. “However, miners rely on imported computer equipment and fiat payments, which makes them vulnerable to punishment.”