WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Department of Energy (DOE), Environmental Protection Agency (EPA), Department of Defense’s Cyber Crime Center (DC3), and a coalition of global partners issued a joint cybersecurity advisory titled “Pro-Russia Hacktivists Conduct Opportunistic Attacks Against U.S. and Global Critical Infrastructure.” The advisory calls on critical infrastructure organizations to take immediate action to mitigate the risk of being targeted by pro-Russia hacktivist groups, which are actively engaging in opportunistic, low-sophistication malicious cyber activity across multiple sectors.
Pro-Russia hacktivist groups are aggressively pursuing visibility by amplifying their own nefarious cyber activity or even fabricating claims of malicious cyber activity against critical infrastructure. Their tactics are opportunistic, driven by ease of access and known vulnerabilities rather than by strategic targeting. This broad, indiscriminate approach has enabled them to strike a wide range of sectors, from water treatment facilities to oil well systems, often using easily repeatable and unsophisticated methods. The cumulative impact of this malicious cyber activity poses a persistent and disruptive threat to essential services.
“Russian-affiliated cyber actors continue to engage in malicious activity aimed at disrupting U.S. and allied critical infrastructure,” said CISA Acting Director Madhu Gottumukkala. “As the nation’s cyber defense agency, CISA—alongside our U.S. and international partners—urges all organizations to act now: review this joint advisory and implement the recommended mitigations to strengthen critical infrastructure defenses against these opportunistic threats.”
Pro-Russia hacktivist groups have successfully targeted supervisory control and data acquisition (SCADA) networks using basic methods, and in some cases, performed simultaneous DDoS attacks against targeted networks to facilitate SCADA intrusions. These groups exploit minimally secured, internet-facing virtual network computing (VNC) connections to gain unauthorized access to operational technology (OT) control devices within critical infrastructure systems. This joint advisory provides several actions and mitigations that will help organizations reduce the risk of being targeted, including:
- Reduce exposure of OT assets to the public-facing internet.
- Adopt mature asset management processes, including mapping data flows and access points.
- Ensure that OT assets are using robust authentication procedures.
“CISA is laser-focused on helping critical infrastructure operators strengthen their defenses against real and evolving cyber threats,” said CISA Executive Assistant Director for Cybersecurity Nick Andersen. “The pro-Russia hacktivist groups highlighted in this advisory have demonstrated intent and capability to inflict tangible harm on vulnerable systems. In addition to implementing the recommended mitigations and rigorously validating their security controls, we are calling upon all OT device manufacturers to prioritize secure-by-design principles—because building in security from the start is essential to reducing risk and safeguarding the nation’s most vital systems.”
“No matter where it originates, the FBI will not tolerate malicious cyber activity from pro-Russia hacktivist groups, particularly when it threatens critical infrastructure such as energy systems, water treatment facilities, and American farms,” said FBI Cyber Division Assistant Director Brett Leatherman. “The FBI is committed to holding these actors accountable, and we urge industry partners to review the joint advisory and implement the recommended safeguards.”
For more information on Russian state-sponsored cyber activity, see CISA’s Russia Cyber Threat Overview and Advisories webpage.
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.