Russian Cyber Threat

Chris Swagler | March 2nd, 2022


The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory providing an assessment overview of the Russian cyber threats. The publicly available overview provides open-source intelligence and information about Russian cyber threats.

Information on Russian Cyber Threats

The motives behind the Russian cyber threats are to enable broad-scale cyber espionage, suppress certain social and political activities, steal intellectual property, and harm regional and international adversaries. According to CISA and other unclassified sources, recent advisories reveal that Russian state-sponsored threat actors are targeting the following industries and organizations in the United States and other Western nations: COVID-19 research, governments, elections organizations, healthcare and pharmaceutical, defense, energy, video gaming, nuclear, commercial facilities, water, aviation, and critical manufacturing. Russian actors were further linked to numerous high-profile malicious cyber threats, including the compromise of the SolarWinds software supply chain, targeting U.S. companies developing COVID-19 vaccines, targeting U.S. industrial control system infrastructure, the NotPetya ransomware attack on worldwide organizations, and leaking stolen documents from the U.S. Democratic National Committee.

The U.S. Office of the Director of National Intelligence’s 2021 Annual Threat Assessment reveals that Russia continues to target critical infrastructure, including underwater cables and industrial control systems, in the United States and in allied and partner countries to damage infrastructure and related response during a crisis. According to the assessment, Russia almost certainly considers cyberattacks an acceptable option to deter adversaries, control escalation, and prosecute conflicts. CISA, the National Cyber Security Centre of the United Kingdom (NCSC-UK), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory that a threat actor known as Sandworm or Voodoo Bear is using a new malware known as Cyclops Blink. Cyclops Blink appears as a replacement framework for the VPNFilter malware that exploited network devices, primarily small and home office routers and network-attached storage devices.

According to the NCSC, CISA, and the FBI, the Sandworm actor was previously linked to the Russian General Staff Main Intelligence Directorate’s Russian (GRU’s) Main Centre for Special Technologies (GTsST). The agencies observed Russian state-sponsored cyber actors targeting U.S.-cleared defense contractors (CDCs) on a regular basis. With various levels of cybersecurity protocols and resources, the actors have targeted both large and small CDCs and subcontractors. Another advisory provides details about how the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) targeted and exploited hundreds of U.S. and foreign organizations and private sector victim networks, accessing credentials, moving laterally, and collecting and exfiltrating data.

Joint Advisories provided details on Russian SVR activities related to the SolarWinds Orion compromise, including using vulnerabilities to breach U.S. and Allied networks and using malware on victim networks targeting cloud resources to obtain information. Another advisory reveals that APT actors exploited multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability using a tactic known as vulnerability chaining, which exploits multiple vulnerabilities in a single intrusion compromising a network or application. A Joint Technical Alert provided information on Russian state-sponsored threat actors exploiting network infrastructure devices worldwide targeting government and private-sector organizations, critical infrastructure providers, and internet service providing support for the sectors.

With the recent events involving Russia invading Ukraine and launching malicious cyber threats against various organizations in the United States and other Western nations, it’s more critical for companies to remain on top of the current threat landscape and keep their data network security software updated to prevent potential breaches. At SpearTip, we specialize in incident response and handling breaches with one of the fastest response times in the industry. Our certified engineers are continuously working 24/7/365 at our Security Operations Center monitoring companies’ data networks for potential cyber threats, including ransomware. Being proactive, especially with the current situation, is the best way to remain ahead of current threats. SpearTip’s ShadowSpear, our endpoint detection and response platform, is a great proactive tool that optimizes visibility and can be integrated with any cloud, network, and endpoint providing an extra layer of cybersecurity.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.


Connect With Us

Featured Articles

Cybersecurity Health Checks
Cybersecurity Health Checks: Why Companies Need Them
22 April 2024
New Loop DoS Attack
New Loop DoS Attack Affecting Linux Systems
19 April 2024
Possible Cyberattack
Possible Cyberattack During 2024 Summer Olympics
15 April 2024
Tabletop Exercises
Tabletop Exercises: Transformative Impact on Companies
12 April 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.