Russian Cyber Threat

Chris Swagler | March 2nd, 2022


The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory providing an assessment overview of Russian cyber threats. The publicly available overview compiles open-source intelligence and information about Russian state-sponsored cyber activity.

Information on Russian Cyber Threats

The motives behind Russian cyber threats are to enable broad-scale cyber espionage, suppress certain social and political activities, steal intellectual property, and harm regional and international adversaries. According to CISA and other unclassified sources, recent advisories reveal that Russian state-sponsored threat actors are targeting the following industries and organizations in the United States and other Western nations: COVID-19 research, governments, election organizations, healthcare and pharmaceutical, defense, energy, video gaming, nuclear, commercial facilities, water, aviation, and critical manufacturing. Russian actors have further been linked to numerous high-profile malicious cyber operations, including the compromise of the SolarWinds software supply chain, the targeting of U.S. companies developing COVID-19 vaccines, the targeting of U.S. industrial control system infrastructure, the NotPetya ransomware attack on organizations worldwide, and the leaking of stolen documents from the U.S. Democratic National Committee.

The U.S. Office of the Director of National Intelligence’s 2021 Annual Threat Assessment reveals that Russia continues to target critical infrastructure, including underwater cables and industrial control systems, in the United States and in allied and partner countries, in order to damage infrastructure and disrupt the related response during a crisis. According to the assessment, Russia almost certainly considers cyberattacks an acceptable option to deter adversaries, control escalation, and prosecute conflicts. CISA, the National Cyber Security Centre of the United Kingdom (NCSC-UK), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory stating that a threat actor known as Sandworm or Voodoo Bear is using new malware known as Cyclops Blink. Cyclops Blink appears to be a replacement framework for the VPNFilter malware, which exploited network devices, primarily small office and home office routers and network-attached storage devices.

According to the NCSC, CISA, and the FBI, the Sandworm actor has previously been linked to the Russian General Staff Main Intelligence Directorate’s (GRU’s) Main Centre for Special Technologies (GTsST). The agencies have observed Russian state-sponsored cyber actors targeting U.S. cleared defense contractors (CDCs) on a regular basis. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources. Another advisory details how the GRU 85th Main Special Service Center (GTsSS) targeted and exploited hundreds of U.S. and foreign organizations and private sector victim networks, accessing credentials, moving laterally, and collecting and exfiltrating data.

Joint advisories provided details on Russian SVR activities related to the SolarWinds Orion compromise, including the use of vulnerabilities to breach U.S. and Allied networks and the use of malware on victim networks targeting cloud resources to obtain information. Another advisory reveals that APT actors exploited multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability, a tactic known as vulnerability chaining, in which several vulnerabilities are exploited in a single intrusion to compromise a network or application. A Joint Technical Alert provided information on Russian state-sponsored threat actors exploiting network infrastructure devices worldwide, targeting government and private-sector organizations, critical infrastructure providers, and the internet service providers supporting these sectors.

With the recent events involving Russia invading Ukraine and launching malicious cyber operations against various organizations in the United States and other Western nations, it is more critical than ever for companies to stay on top of the current threat landscape and keep their network security software updated to prevent potential breaches. At SpearTip, we specialize in incident response and handling breaches with one of the fastest response times in the industry. Our certified engineers work 24/7/365 at our Security Operations Center, monitoring companies’ data networks for potential cyber threats, including ransomware. Being proactive, especially in the current situation, is the best way to stay ahead of current threats. SpearTip’s ShadowSpear, our endpoint detection and response platform, is a proactive tool that optimizes visibility and can be integrated with any cloud, network, and endpoint, providing an extra layer of cybersecurity.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
