Russian Cyber Activity Alert

Published in News on 3/25/2018

On March 15, 2018, a Technical Alert was issued by the Department of Homeland Security (DHS) and the FBI on Russian government cyber-activity targeting energy and other critical infrastructure sectors.

Tagged Under: COOP, Drills, Emergency Facilities, Emergency Systems, Emergency Technology, Interagency, Offsite Response, Planning, Public Information, Personal Security, Site Security, Cyber Security, Facility Preparedness

The past year has been filled with reports about Russian cyber-attacks on the U.S. Russia has been accused of interfering with our election process, passing along fake news, and tapping into various government entities and other organizations. On March 15, 2018, a Technical Alert was issued by the Department of Homeland Security (DHS) and the FBI on Russian government cyber-activity targeting energy and other critical infrastructure sectors.

The alert states that the targets are both U.S. government entities and organizations in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors. The Alert also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders and enhance their ability to identify and reduce exposure to malicious activity.

Cyber-attacks are "literally happening hundreds of thousands of times a day," Energy Secretary Rick Perry told lawmakers during a hearing March 15. "The warfare that goes on in the cyberspace is real, it’s serious, and we must lead the world."

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.

The entire Alert can be read at: https://www.us-cert.gov/ncas/alerts/TA18-074A


Additional links and resources are provided below to give a broader understanding of the problem and how your site or facility’s operation could potentially be affected.


Next Steps After Russian Attacks on U.S. Critical Infrastructure

http://www.govtech.com/blogs/lohrmann-on-cybersecurity/next-steps-after-russian-attacks-on-us-critical-infrastructure.html

Russian Hackers Attacking U.S. Power Grid and Aviation, FBI Warns

https://www.bloomberg.com/news/articles/2018-03-15/russian-hackers-attacking-u-s-power-grid-aviation-fbi-warns

DHS, FBI Warn Companies of Ongoing Cyber Attacks on Critical Infrastructure

http://freebeacon.com/national-security/dhs-fbi-warn-companies-ongoing-cyber-attacks-critical-infrastructure/

Russian Hackers Attacked U.S. Nuclear, Aviation and Power Grid Infrastructure, FBI and DHS Warn

http://www.newsweek.com/russian-hackers-us-nuclear-power-847267



Alert (TA18-074A)

Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

https://www.us-cert.gov/ncas/alerts/TA18-074A

March 15, 2018


Rick Perry at a House Appropriations Subcommittee hearing, March 15

Photo: Andrew Harrer/Bloomberg