Home News Federal Agencies Release Advisory On Mitigating Security Threats From Russian APT Actors

Federal Agencies Release Advisory On Mitigating Security Threats From Russian APT Actors

Federal Agencies Release A Joint Advisory On Detecting, Responding, And Mitigating Security Threats From Russian APT Actors

SHARE
Russian hackers, Senate Homeland Security Report, Electronic Warfare Associates

State-sponsored hackers from Russia continue to prevail in the cyberthreat landscape. Government authorities and organizations globally are warning about frequent cyberespionage campaigns from Russian actors. Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), FBI, and National Security Agency (NSA) released a joint advisory on detecting, responding, and mitigating security threats from Russian state-sponsored actors. The advisory provides an overview of Russian hackers’ cyber operations, including their commonly used tactics, techniques, and procedures (TTPs).

“CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the advisory,” the advisory said.

Russian APT Actors

The federal agencies stated that Russian state-sponsored advanced persistent threat (APT) actors leveraged various attacking vectors like spearphishing, brute force, and exploiting known vulnerabilities to break into targeted network systems.

Vulnerabilities known to be exploited by Russian state-sponsored APT actors for initial access include:

Targeted Sectors 

Russian actors reportedly targeted a variety of U.S. and international critical infrastructure organizations in the Defense, Health Care, Public Health, Energy, Telecommunications, and Government Facilities Sectors.

Also Read: Russia Blocks Tor Web Over Privacy Concerns

What to do if you become a victim of APT

The advisory stated that organizations detecting potential APT activity in their network systems should:

  • Immediately isolate affected systems.
  • Secure backups. Ensure your backup data is offline and secure. If possible, scan your backup data with an antivirus program to ensure it is free of malware.
  • Collect and review relevant logs, data, and artifacts.
  • Consider soliciting support from a third-party IT organization to provide subject matter expertise, ensure the actor is eradicated from the network, and avoid residual issues that could enable follow-on exploitation.

Mitigation

CISA, the FBI, and NSA recommended organizations implement the below security measures to increase their cyber resilience against rising threats:

  • Develop internal contact lists. Assign main points of contact for a suspected incident and roles and responsibilities and ensure personnel knows how and when to report an incident.
  • Minimize IT/OT security personnel availability gaps by identifying surge support for responding to an incident.
  • Ensure IT/OT security personnel monitor key internal security capabilities and identify anomalous behavior. Flag any identified IOCs and TTPs for immediate response
  • Create, maintain, and exercise a cyber incident response and continuity of operations plan.
  • Require multi-factor authentication for all users, without exception.
  • Require accounts to have strong passwords and do not allow passwords to be used across multiple accounts or stored on a system an adversary may have access to.
  • Identify, detect, and investigate abnormal activity that may indicate lateral movement by a threat actor or malware.