The Five Eyes countries have issued a joint security advisory warning about increased malicious attacks by Russian state-sponsored actors, criminal groups and terrorists targeting critical infrastructure organisations in the midst of Ukraine’s ongoing military siege.
“Evolving intelligence suggests that the Russian government may be exploring potential cyberattacks,” officials from Australia, Canada and New Zealand as well as the U.S. said.
Russia’s invasion in Ukraine may expose organisations within the region and abroad to more malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners. “
The advisory follows another alert from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.
Over the past two months since the invasion commenced, Ukraine has been subjected to a blitzkrieg of targeted campaigns ranging from distributed denial-of-service (DDoS) attacks to the deployment of destructive malware aimed at governmental and infrastructure entities.
Wednesday’s alert noted that Russian state-sponsored cyber actors have the ability to compromise IT networks, maintain long-term persistence, steal sensitive data while remaining hidden, and disrupt and sabotage industrial control systems.
Cybercriminals groups such as Conti, aka Wizard Spider, have also joined the mix. They publicly support the Russian government. The CoomingProject and Killnet are other Russian-aligned cybercrime groups.
“The message should be loud and clear, Russian nexus-state actors are on the prowl, cyberspace has become a messy, hot war-zone, and everyone should be prepared for an attack from any direction,” Chris Grove, director of cybersecurity strategy at Nozomi Networks, said in a statement shared with The Hacker News.
The disclosure comes as the Federal Bureau of Investigation (FBI) notified of increased ransomware attacks likely targeting food and agriculture sectors companies during planting and harvest seasons.
“Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production,” the agency stated. “Initial intrusion vectors included known but unpatched common vulnerabilities and exploits, as well as secondary infections from the exploitation of shared network resources or compromise of managed services. “
In a separate move, the U.S. Treasury Department moved to sanction Russian cryptocurrency mining company Bitriver for helping the country evade sanctions, marking the first time a virtual coin mining firm has come under an economic blocklist. Russia is currently the world’s third largest country to use bitcoin mining.
“By operating vast server farms that sell virtual currency mining capacity internationally, these companies help Russia monetize its natural resources,” the Treasury said. However, they are vulnerable to sanctions because mining companies depend on fiat money and imported equipment. “