The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released a joint Cybersecurity Advisory (CSA), Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. The CSA provides an overview of Russian state-sponsored cyber operations; commonly observed tactics, techniques, and procedures (TTPs); detection actions; incident response guidance; and mitigations. This advisory is being released as part of our continuing cybersecurity mission with our interagency partners to warn organizations of potential cyber threats.
CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting. Additionally, we strongly urge network defenders to implement the CSA’s recommendations and mitigations, which will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation.
The CSA, which uses the MITRE ATT&CK® for Enterprise framework, version 10, includes technical details, among them previously identified vulnerabilities known to be exploited by Russian state-sponsored APT actors for initial access. The three agencies strongly urge critical infrastructure leaders to take a few immediate actions, including:
- Be prepared. Confirm reporting processes and minimize personnel gaps in IT/OT security coverage. Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.
- Enhance your organization’s cyber posture. Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
- Increase organizational vigilance. Stay current on reporting on this threat. Subscribe to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.
For the complete list of immediate actions, including actions for improving functional resilience and incident response resources, executives and IT professionals should review this CSA in its entirety at cisa.gov/uscert/ncas/alerts/aa22-010a. Further, critical infrastructure organization leaders should review CISA Insights: Preparing for and Mitigating Cyber Threats for information on reducing cyber threats to their organization.
CISA encourages critical infrastructure executives and senior leaders to review the CISA Insights for guidance on proactively preparing their organizations for an incident. In addition, CISA encourages critical infrastructure organizations to take a closer look at themselves, their facilities, and their operations from the outside-in. Knowing how you may be exposed or targeted will help you to be better prepared (to act, collaborate, and report).
Your support to amplify this advisory through your communications and social media channels is appreciated. And as always, thank you for your continued collaboration.
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell: 217-299-3954 | firstname.lastname@example.org