The United States, alongside several of its allies including the UK, is accusing the Russian military of attacking global critical infrastructure through malicious cyber operations bent on espionage, sabotage, and reputational damage.
The FBI, NSA, and CISA have published a joint advisory assessing the cyber actors affiliated with the Russian GRU 161st Specialist Training Center, otherwise known as Unit 29155. The group has been active since 2020, but began deploying WhisperGate malware against Ukrainian organizations in January 2022.
In addition to leveraging the malware against Ukrainian victims, the group has also conducted network operations against numerous members of NATO in North America and Europe, as well as targets in Latin America and Central Asia. These operations include website defacements, infrastructure scanning, data exfiltration, and data leaking.
According to the advisory, “Unit 29155 cyber actors are known to target critical infrastructure and key resource sectors, including the government services, financial services, transportation systems, energy, and healthcare sectors.”
Though overt attacks on critical infrastructure are concerning, the issue goes further than that.
“While cyberattacks against critical infrastructure are certainly concerning, it is even more concerning to imagine that adversaries could gain access to systems without our knowledge and remain hidden until an issue occurred, and could then be used to take down critical tools, utilities, or communication systems,” said Erich Kron, security awareness advocate at KnowBe4. Kron cited “vendors providing services to these critical infrastructure partners” as being at high risk for related attacks as well.
Organizations can mitigate these kinds of threats by prioritizing routine system updates and remediating known exploited vulnerabilities; segmenting networks to limit the spread of malware or malicious activity; and enabling phishing-resistant multifactor authentication, especially for webmail, VPNs, and critical system accounts.
Source: www.darkreading.com