The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE) published a joint Cybersecurity Advisory with information on multiple intrusion campaigns targeting U.S. and international energy sector organizations conducted by indicted Russian state-sponsored cyber actors from 2011 to 2018. In conjunction with the U.S. Department of Justice unsealed indictments today, this advisory provides the technical details of a global energy sector intrusion campaign using Havex malware, and the compromise of a Middle East-based energy sector organization using TRITON malware.
While this advisory documents historical cyber activity, CISA, FBI, and DOE assess that state-sponsored Russian cyber operations continue to pose an ongoing threat to U.S. Energy Sector networks. The U.S. energy sector and critical infrastructure organizations more broadly are urged to apply the recommended mitigations. Actions that executives and leaders can take now to protect their networks include:
- Implement and ensure robust network segmentation between information technology and industrial control systems (ICS) networks;
- Enforce multifactor authentication to authenticate into a system; and
- Manage the creation of, modification of, use of, and permissions associated with privileged accounts.
“In light of the indictments announced today and evolving intelligence that the Russian Government is exploring options to conduct potential cyberattacks against the U.S., CISA, along with our FBI and DOE partners, is issuing this joint advisory to reinforce the demonstrated threat posed by Russian state-sponsored cyber actors,” said CISA Director Jen Easterly. “While the intrusions highlighted in this advisory span an earlier period of time, the associated tactics, techniques, procedures, and mitigation steps are still highly relevant in the current threat environment. We urge all organizations, large and small, to carefully review this advisory, as well as visit www.cisa.gov/shields-up for regularly updated information on steps you can take to protect yourself and your business.”
“The FBI is committed to combatting the malicious cyber threat Russia continues to pose to our critical infrastructure industry,” said Bryan Vorndran, Assistant Director of FBI Cyber Division. “We strive to share information with our private sector partners as well as the public to enable them to increase their defense capabilities. The FBI is dedicated to investigating this targeted criminal activity and along with our federal partners utilizing all of the tools in our toolbelt to hold these actors accountable.”
“The Department of Justice’s actions today demonstrate the U.S. government’s commitment to hold malicious cyber actors accountable for their actions,” said DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) Director Puesh Kumar. “DOE takes threats to the U.S. energy sector seriously and urges industry partners to remain vigilant in light of Russia’s invasion of Ukraine. DOE values the partnership with owners and operators, States, CISA, and the FBI to jointly tackle threats to critical infrastructure in the United States.”
In addition to the advisory, organizations should visit www.CISA.gov/shields-up for information on how to protect their networks and should report unusual cyber activity and/or cyber incidents to firstname.lastname@example.org or (888) 282-0870, or an FBI field office. When cyber incidents are reported quickly, it can contribute to stopping further attacks.