CISA/FBI: Significant Historical Cyber-Intrusion Campaigns Targeting ICS

To raise awareness of the risks to—and improve the cyber protection of—critical infrastructure, CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS:

CISA urges critical infrastructure owners and operators to review the publications listed above and apply the mitigations in Joint CISA-FBI CSA (AA21-201A) Gas Pipeline Intrusion Campaign, 2011-2013. CISA also encourages owners and operators to review AR-17-20045: Enhanced Analysis of Malicious Cyber Activity. These products contain threat actor tactics, techniques, and procedures (TTPs); technical indicators; and forensic analysis that critical infrastructure owners and operators can use to reduce their organizations’ exposure to cyber threats.

Although these publications detail historical activity, the TTPs remain relevant to help network defenders protect against intrusions. CISA published a Current Activity about this release that can be found here.


Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
Cell: 217-299-3954