Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

The Five Eyes nations have released a joint cybersecurity advisory^[1] warning of increased
malicious attacks^[2]
from Russian state-sponsored actors and criminal groups targeting
critical infrastructure organizations amidst the ongoing military
siege on Ukraine.

“Evolving intelligence indicates that the Russian government is
exploring options for potential cyberattacks,” authorities from
Australia, Canada, New Zealand, the U.K., and the U.S. said^[3].

“Russia’s invasion of Ukraine could expose organizations both
within and beyond the region to increased malicious cyber activity.
This activity may occur as a response to the unprecedented economic
costs imposed on Russia as well as material support provided by the
United States and U.S. allies and partners.”

The advisory^[4]
follows another alert^[5]
from the U.S. government cautioning of nation-state actors
deploying specialized malware to maintain access to industrial
control systems (ICS) and supervisory control and data acquisition
(SCADA) devices.

Over the past two months since the invasion commenced, Ukraine
has been subjected to a blitzkrieg of targeted^[6]
campaigns^[7]
ranging from distributed denial-of-service (DDoS) attacks to the
deployment of destructive malware aimed at governmental and
infrastructure entities.

Wednesday’s alert noted that Russian state-sponsored cyber
actors have the ability to compromise IT networks, maintain
long-term persistence, steal sensitive data while remaining hidden,
and disrupt and sabotage industrial control systems.

Also joining the mix are cybercriminal groups like Conti^[8]
(aka Wizard Spider), publicly pledged support for the Russian
government. Other Russian-aligned cybercrime syndicates include The
CoomingProject, Killnet, Mummy Spider (the operators of Emotet^[9]), Salty Spider, Scully
Spider, Smoky Spider, and the XakNet Team.

“The message should be loud and clear, Russian nexus-state
actors are on the prowl, cyberspace has become a messy, hot
war-zone, and everyone should be prepared for an attack from any
direction,” Chris Grove, director of cybersecurity strategy at
Nozomi Networks, said in a statement shared with The Hacker
News.

The disclosure comes as the Federal Bureau of Investigation
(FBI) notified of increased ransomware attacks likely targeting
food and agriculture sectors companies during planting and harvest
seasons.

“Cyber actors may perceive cooperatives as lucrative targets
with a willingness to pay due to the time-sensitive role they play
in agricultural production,” the agency stated^[10]. “Initial intrusion
vectors included known but unpatched common vulnerabilities and
exploits, as well as secondary infections from the exploitation of
shared network resources or compromise of managed services.”

In a separate move, the U.S. Treasury Department moved to
sanction Russian cryptocurrency mining company Bitriver for helping
the country evade sanctions, marking the first time a mining firm
has come under an economic blocklist. Russia is the world’s third-largest
country^[11] for bitcoin mining.

“By operating vast server farms that sell virtual currency
mining capacity internationally, these companies help Russia
monetize its natural resources,” the Treasury said^[12]. “However, mining
companies rely on imported computer equipment and fiat payments,
which makes them vulnerable to sanctions.”