U.S. warns of 'increased' threats from Russian hacking groups

U.S. government agencies are warning the public of an expected increase in cyber attacks from hackers affiliated with the Russian government.

The Cybersecurity and Infrastructure Security Agency joined with the National Security Agency and Department of Justice in an advisory detailing the threats posed by Russian hacking groups -- both state-sponsored advanced persistent threat groups and also private cybercrime gangs that support Russia's invasion of Ukraine. The advisory warned that organizations within Ukraine as well as outside the region, including the U.S., could see "increased malicious cyber activity."

"This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners," the advisory said.

Also signing the joint advisory were the four other members of the Five Eyes intelligence network: the U.K., New Zealand, Australia and Canada.

Most notably, the advisory for the first time addressed the issue of private cybercriminal hacking groups either working directly with the Kremlin or acting on its behalf in vigilante-style hacking campaigns, as Russia continues to work on disrupting communications in Ukraine.

"Since Russia's invasion of Ukraine in February 2022, some cybercrime groups have independently publicly pledged support for the Russian government or the Russian people and/or threatened to conduct cyber operations to retaliate against perceived attacks against Russia or materiel support for Ukraine," the advisory read. "These Russian-aligned cybercrime groups likely pose a threat to critical infrastructure organizations."

While it has long been known in security circles that individual members of prominent cybercrime crews such as the Conti ransomware gang were promising their services on Russia's behalf, governments have largely focused on threats from state-sponsored hackers working directly with the Kremlin and agencies such as the Russian Federal Security Service (FSB).

Meanwhile, the threat from hackers directly tied to Russian government agencies such as the FSB continues to loom large over organizations based in countries that have come out in support of Ukraine.

The advisory reiterated the long-held belief among U.S. government agencies that Russia is preparing to launch a number of major cyber attacks against targets in the U.S. and Europe, with the intent of disrupting critical infrastructure industries. President Biden warned of such attacks in March.

"Russian state-sponsored cyber actors have demonstrated capabilities to compromise IT networks; develop mechanisms to maintain long-term, persistent access to IT networks; exfiltrate sensitive data from IT and operational technology (OT) networks; and disrupt critical industrial control systems (ICS)/OT functions by deploying destructive malware," the joint advisory read.

The intelligence agencies once again are advising IT administrators and executives to adopt some best practices to secure their networks from attacks. In addition to basic measures such as patching systems and providing end users with security awareness training, administrators are being encouraged to enforce multifactor authentication and either block or closely monitor the use of remote access protocols such as remote desktop protocol.