Powering Strong Communities

Cyber Activity Used By Indicted Russian State-Sponsored Actors Detailed

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE) recently published a joint cybersecurity advisory with information on multiple intrusion campaigns targeting U.S. and international energy sector organizations conducted by indicted Russian state-sponsored cyber actors from 2011 to 2018.

In conjunction with the Department of Justice unsealed indictments on March 24, the advisory provides the technical details of a global energy sector intrusion campaign using Havex malware, and the compromise of a Middle East-based energy sector organization using TRITON malware. Additional details about the indictments are available here.

While the advisory details historical cyber activity, CISA, FBI, and DOE assess that state-sponsored Russian cyber operations continue to pose an ongoing threat to U.S. energy sector networks.

The U.S. energy sector and critical infrastructure organizations more broadly are urged to apply the recommended mitigations, the agencies said.

Actions that executives and leaders can take now to protect their networks include:   

  • Implement and ensure robust network segmentation between information technology and industrial control systems (ICS) networks;   
  • Enforce multifactor authentication to authenticate into a system; and   
  • Manage the creation of, modification of, use of, and permissions associated with privileged accounts.   

“In light of the indictments announced today and evolving intelligence that the Russian Government is exploring options to conduct potential cyberattacks against the U.S., CISA, along with our FBI and DOE partners, is issuing this joint advisory to reinforce the demonstrated threat posed by Russian state-sponsored cyber actors,” said CISA Director Jen Easterly in a statement.

“While the intrusions highlighted in this advisory span an earlier period of time, the associated tactics, techniques, procedures, and mitigation steps are still highly relevant in the current threat environment,” she said.

In addition to the advisory, organizations should visit www.CISA.gov/shields-up for information on how to protect their networks.