|Western governments issued a joint warning on Wednesday about a potential threat of increased malicious cyber activity by Russia against critical infrastructure as a response to sanctions imposed over its invasion of Ukraine. The cybersecurity agencies of the U.S., Britain, Australia, Canada, and New Zealand — which together form the Five Eyes intelligence-sharing alliance — said the war could expose organizations everywhere to cyber crime. “This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners,” the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said in a statement on its website. CISA Director Jen Easterly said the advisory “reinforces the demonstrated threat and capability of Russian state-sponsored and Russian aligned cyber-criminal groups to our Homeland.” She added, “We know that malicious cyber activity is part of the Russian playbook. We also know that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure.”
The advisory, which was signed by the FBI and National Security Agency as well as Five Eyes allies, specifically pointed towards potential “malicious cyber operations” perpetrated by actors associated with the Russian Federal Security Service, Russian Foreign Intelligence Service, Russian General Staff Main Intelligence Directorate, and the Russian Ministry of Defense’s Central Scientific Institute of Chemistry and Mechanics. It also pointed towards the potential for cybercrime groups that have pledged to support the Russian government to carry out digital extortion attacks against Western targets. It warned that Russian state-sponsored cyber actors have the ability to compromise IT networks, steal large amounts of data from them while remaining hidden, deploy destructive malware, and lock down networks with “distributed denial of service” attacks. The advisory recommended that organizations take a number of immediate actions to safeguard their networks, including emphasizing the treatment of known exploited vulnerabilities, enforcing multiple authentications, supervising remote desktop protocols, and accommodating end-user awareness training.
Meanwhile, the U.S. on Wednesday unveiled its latest round of sanctions on Russia. The Treasury Department’s Office of Foreign Assets Control (OFAC) said it had designated Public Joint Stock Company Transkapitalbank, a Russian privately owned commercial bank that has operated since 1992. OFAC also targeted a “worldwide sanctions evasion and malign influence network” it said was led by Russian oligarch Konstantin Malofeyev, who was previously designated with sanctions in 2014 and was charged by the Justice Department with violating sanctions earlier this month. OFAC designated Malofeyev again on Wednesday, as well as Malofeyev’s son and 40 individuals and entities affiliated with Malofeyev’s networks — including “organizations whose primary mission is to facilitate sanctions evasion for Russian entities.” Finally, OFAC for the first time designated a virtual-currency mining company, specifically targeting cryptocurrency mining company Bitriver.
In addition to the Treasury’s announcement, Secretary of State Antony Blinken on Wednesday announced that the State Department had imposed visa restrictions on hundreds of Russian individuals. Russian President Vladmir Putin, meanwhile, said on Wednesday that “illegal” restrictions on Russian companies by Western states ran counter to World Trade Organization (WTO) rules and told his government to update Russia’s strategy in the WTO by June 1. Reuters, The Hill, Breaking Defense, The Guardian, CNN, CNBC, Politico, Bloomberg
Politico: Biden’s Options if Russia Hacks U.S. Infrastructure
Wall Street Journal: Cyber Chiefs Try New Tricks to Attract Talent
Bloomberg: Ukraine Ramps Up Cyber Defenses to Slow Surge in Attacks
CNN: U.S. Treasury Secretary and Other Finance Ministers Walk out of G20 Meeting with Russia
Reuters: Special Report: Sanctioned Weapons Mogul Who Supplied Russia’s Troops Has Ties to Philip Morris