A joint cybersecurity advisory issued by members of the Five Eyes alliance warns of increased attacks on critical infrastructure from Russia.
The Five Eyes alliance consists of the US, UK, Australia, Canada, and New Zealand. Members cooperate in signals intelligence.
Canadian academic Srdjan Vucetic believes the Five Eyes originated from Winston Churchill’s Iron Curtain speech in 1946, in which the British PM warned of open conflict with the Soviet Union unless the “democracies” learned to cooperate.
Modern-day Russia is bringing back Soviet-era tensions with its barbaric invasion of a sovereign European country and irresponsible nuclear threats—reinforcing the need for alliances like the Five Eyes and NATO that an increasing number believed were relics of a time past.
However, modern warfare has evolved. NATO and the Five Eyes have aimed to keep pace and have regularly warned that Russia’s cyber capabilities cannot be ignored given their potentially devastating impact.
“Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks,” wrote the Five Eyes in their advisory.
“Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.”
Cyberattacks are often conducted through groups, such as Fancy Bear, with suspected links to the Russian state. A growing number of independent cybercrime groups have also pledged support for the Russian government—making it difficult to definitively claim that any cyberattack was state-sponsored.
Here are the known groups that have aligned themselves with Russia:
- The CoomingProject
- MUMMY SPIDER
- SALTY SPIDER
- SCULLY SPIDER
- SMOKEY SPIDER
- WIZARD SPIDER
- The Xaknet Team
“These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing material support to Ukraine.”
The intelligence partners warn organisations that they may be targeted in response to their support for Ukraine and to the economic costs imposed on Russia over its invasion and the increasing evidence of war crimes being uncovered.
The alliance warns Russia’s state-sponsored hackers have demonstrated the ability to compromise IT networks, develop mechanisms to maintain long-term and persistent access to IT networks, exfiltrate sensitive data from IT and operational technology (OT) networks, and disrupt critical industrial control systems (ICS)/OT functions by deploying destructive malware. Previous operations pointed to as examples include BlackEnergy and NotPetya.
Earlier this month, a separate advisory was issued by numerous US agencies that warned nation-state actors are deploying specialised malware to maintain access to ICS and supervisory control and data acquisition (SCADA) devices.
The FBI has also separately warned (PDF) that ransomware attacks on the food and agriculture sectors are particularly likely during the planting and harvest seasons—further sowing chaos and putting increasing pressure on supply chains.
As the invasion heads towards its 58th day with few signs of ending soon, the Five Eyes’ warning – alongside the advisories from numerous other global security agencies – shows it’s more important than ever to maintain robust cybersecurity practices.