Russian State-sponsored and Criminal Cyber Threats to Critical Infrastructure

April 26, 2022

Cybersecurity authorities from the United States, Australia, Canada, New Zealand and the United Kingdom released a joint cybersecurity advisory (CSA) warning that Russia’s invasion of Ukraine could expose organizations to increased malicious cyber activity.

Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks. Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.

Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.

According to the alert, organizations should perform the following actions to protect against Russian state-sponsored and criminal cyber threats:

  • Patch all systems. Prioritize patching known exploited vulnerabilities.
  • Enforce multifactor authentication.
  • Secure and monitor Remote Desktop Protocol and other risky services.
  • Provide end-user awareness and training.

Contact ALTA at 202-296-3671 or