“Historically, Russian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics—including spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks,” the advisory reads.
Officials listed a string of known vulnerabilities that have been exploited by suspected Russian hacking groups in the past.
“Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware,” the advisory reads. “The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments—including cloud environments—by using legitimate credentials.”
Officials said that in some cases, Russian state-sponsored cyber operations against critical infrastructure organizations have “specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware” and listed a string of malware used in such attacks.
The agencies noted that the actors targeted "state, local, tribal, and territorial (SLTT) governments and aviation networks" from September 2020 through at least December 2020, successfully compromising networks and exfiltrating data from multiple victims.
From 2011 to 2018, Russian state-sponsored actors also gained remote access to U.S. and international energy sector networks, where they deployed malware and collected ICS-related data.
In 2015 and 2016, Russian state-sponsored APT actors conducted cyberattacks against Ukrainian energy distribution companies, including one that caused multiple companies to experience unplanned power outages in December 2015, according to officials.
“CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint CSA,” the advisory reads.
The agencies recommended that critical infrastructure organizations prepare for such attacks by, among other measures, minimizing gaps in the availability of the personnel who operate the technologies that protect people, assets, and information; creating and maintaining a cyber incident response plan; and reporting any such incidents to CISA.
“These mitigations will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation,” the advisory reads.
“Unfortunately we have a great disparity in our principled approaches to this,” Russian Deputy Foreign Minister Sergei Ryabkov said during a Jan. 10 news conference. “The U.S. and Russia in some ways have opposite views on what needs to be done.”
Ryabkov also stressed after the meeting that Moscow has no plans to invade Ukraine. Western nations have grown increasingly concerned about a possible invasion after Russian President Vladimir Putin reportedly amassed more than 100,000 soldiers near the border shared by the two countries, an accusation Russia has repeatedly denied.