The Five Eyes nations have released the Five Eyes nations joint cybersecurity alert warning of the increase in attacks on the internet by Russian state-sponsored actors and criminal groups that target critical infrastructure companies amidst the ongoing military blockade of Ukraine.
“Evolving intelligence suggests Russia may be Russian government is looking at possibilities for cyberattacks that could be possible,” authorities from Australia, Canada, New Zealand, and Canada, New Zealand U.K., and the U.S. said.
The United States and U.S. allies and allies.” “Russia’s attack on Ukraine could expose businesses in and outside the area to more cyber activities. This may be an answer to the massive economic cost imposed on Russia and the substantial assistance provided by U.S. allies and partners.”
The alert comes in the wake of another warning by the U.S. government cautioning state actors who use specialized malware to control accessibility to the industrial control system (ICS) and supervisory controls and data acquisition (SCADA) devices.
In the two months since the invasion began, Ukraine has been subjected to a flood of targeted campaigns which range from distributed denial of service (DDoS) attacks to the spread of malware that is destructive and targeted at infrastructure and governmental entities.
Wednesday’s alert highlighted that Russian cybercriminals funded by the state could compromise IT networks, sustain an ongoing presence, and steal sensitive data while hiding and disrupting and undermining industrial control systems.
In addition, cybercriminal groups such as Conti (aka Wizard Spider) have publicly announced that they will support the Russian government. Other Russian-aligned cybercriminal syndicates are CoomingProject, CoomingProject, Killnet, Mummy Spider (the operating company behind The Emotet), Salty Spider, and Scully Spider Smoky Spider, as well as also the XakNet Team.
“The message must be clear and clear. Russian state actors with nexus are on the hunt Cyberspace has evolved into an unintentional hot war zone, and everybody should be prepared for a threat from any direction.” Chris Grove, director of the cybersecurity strategy at Nozomi Networks, said in an interview with The Hacker News.
The news occurred just as the Federal Bureau of Investigation (FBI) alerted the increase of ransomware attacks that could target agricultural and food companies during harvest and planting seasons.
“Cyber actors could view cooperatives as lucrative targets, with an eagerness to pay, due to their critical role in agriculture manufacturing,” this agency declared. “Initial attacks were triggered by known vulnerabilities that remain unpatched and exploited, secondary infections that result from shared resources in networks, or compromised managed services.”
In a separate decision that was announced, in a separate move, the U.S. Treasury Department moved to penalize Russian cryptocurrency mining firm Bitriver to assist the country escape sanctions. This is the first time a mining company has been placed on an economic blacklist. Russia has the distinction of being the third-largest country in the world regarding bitcoin mining.
“By running massive server farms, which sell the capacity to mine virtual currencies globally, These companies assist Russia to make money from their natural resource reserves,” the Treasury declared. “However mining companies rely on computers imported from abroad and payments in fiat currency that make them susceptible to sanction.”