Statement on Russian Cyberattacks

In addition to being a state-level cyberattack entity, Russia hosts and coordinates many criminal cyber organizations. As such, recent events in Ukraine have led to many questions and concerns regarding the state of potential Russian cyberattacks and how they might impact organizations in the United States.

While we are aware of no specific or credible Russian cyber threats to the United States at this time, CISA recommends that organizations continue to be prepared to respond to any disruptive cyber activity. We recommend that you continue to follow CISA’s “Shields Up” Technical Guidance and monitor organizations such as CISA and your industry-specific ISAC for current developments on Russia’s cyber posture.

However, when you review worrisome news and social media reports regarding Russian cyberattacks, please note the following:

  • Russia seems focused on Ukraine: Most attributable Russian activity has been targeted at Ukraine, or the border services of neighboring countries such as Romania and Poland. Obviously, Russia’s direct cyberattack strategy may shift at any time, and likely will as US and EU economic sanctions take effect.
  • NVIDIA attack is unrelated: The recent NVIDIA cyberattack has been attributed to a South American threat actor (LAPSUS$) and should not be treated as part of any specific “Russian hacking” campaign.
  • Russia should not distract us from other threats: CISA has also issued advisories regarding other state actors, such as the Iranian APT group “MuddyWater” (also known as “Static Kitten”). Other threat actors may try to leverage the current situation to their advantage.
  • Be alert for new malware strains: The greatest risk to US infrastructure at this time appears to be less a direct cyberattack from Russian state-sponsored actors than collateral damage from Russia’s latest malware family, which is being used to target government and private sector entities in Ukraine. In 2017, Russia carried out a major cyberattack against Ukraine that was dubbed NotPetya. During this attack, Russia inadvertently took down the world’s largest shipping company (Maersk) as well as FedEx and other US industries.

TorchLight will continue to monitor this situation and provide updates as appropriate.