Pro-Russia Hacktivists Conduct... Note

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

The Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and other partners have released a joint advisory on the targeting of critical infrastructure by pro-Russia hacktivists. These groups are conducting less sophisticated attacks against critical infrastructure entities, using minimally secured internet-facing virtual network computing connections to infiltrate operational technology control devices. The targeted sectors include Water and Wastewater Systems, Food and Agriculture, and Energy, with the goal of causing physical damage and disrupting operations. The authoring organizations encourage critical infrastructure organizations to implement recommendations to reduce the likelihood and impact of pro-Russia hacktivist-related incidents. Pro-Russia hacktivist groups, such as Cyber Army of Russia Reborn, Z-Pentest, NoName057(16), and Sector16, are capitalizing on the widespread prevalence of accessible VNC devices to execute attacks. These groups have limited capabilities and frequently misunderstand the processes they aim to disrupt, but they can still cause harm to vulnerable critical infrastructure. The authoring organizations assess that some of these groups have associations with the Russian state through direct or indirect support. The groups use opportunistic targeting methodology, leveraging superficial criteria such as victim availability and existing vulnerabilities, rather than focusing on strategically significant entities. The advisory provides recommendations for critical infrastructure organizations to mitigate the risk of pro-Russia hacktivist attacks, including implementing secure remote access protocols and monitoring for suspicious activity. Overall, the joint advisory highlights the threat posed by pro-Russia hacktivists to critical infrastructure and the need for organizations to take proactive steps to protect themselves. The authoring organizations will continue to monitor the activities of these groups and provide updates as necessary to help critical infrastructure organizations stay ahead of the threat.