CISA and FBI Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA) on destructive malware targeting organizations in Ukraine.  The joint advisory gives a high-level summary of the destructive malware being used, including both WhisperGate and HermeticWiper, against organizations in Ukraine to destroy computer systems and render them inoperable. It also includes open-source indicators of compromise (IOCs) for organizations to detect and prevent the malware from impacting their networks.

Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Some immediate actions that can be taken to strengthen cyber posture include:

• Require multifactor authentication;
• Set antivirus and antimalware programs to conduct regular scans;
• Enable strong spam filters to prevent phishing emails from reaching end users;
• Update software; and
• Filter network traffic.

Also, CISA recently updated our “Shields Up” webpage and it now includes new services and resources, recommendations for corporate leader and chief executive officers, and actions to protect critical assets. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.

Your support to amplify this advisory through your communications and social media channels is appreciated. And as always, thank you for your continued collaboration.

Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell:  217-299-3954 | steven.lyddon@cisa.dhs.gov