FBI: Beware of Cyber-Threat from Russian Hacktivists

The FBI has warned operators of critical national infrastructure (CNI) to ensure they have mitigations in place, as pro-Russia hacktivists continue to target them with DDoS attacks.

A new Private Industry Notification published on Friday revealed that the Feds had noticed an uptick in such activity since the start of Russia’s war against Ukraine.

However, it added that these attacks have had limited success thus far and that the biggest impact may be psychological.

“Hacktivists provide tools and guidance on cyber-attack methodology and techniques to anyone willing to conduct an attack on behalf of their cause. DDoS attacks of public-facing websites, along with web page and social media profile defacement, are a preferred tactic for many operations,” it explained.

“These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media. As a result, the psychological impact of DDoS attacks is often greater than the disruption of service.”

The notification added that many hacktivist groups seek to recycle previously leaked information in a bid to build a perception of higher technical ability than they have. However, by posting coverage of their efforts, they can also encourage copycat attacks, it warned.

The FBI urged all CNI firms to enrol in DDoS mitigation services, collaborate more closely with their ISPs to manage traffic during an incident, and create a disaster recovery plan. It added that firms under attack should also monitor for any secondary activity which may otherwise be hidden by the DDoS.

The most notable recent efforts by Russian hacktivists include a campaign by infamous group KillNet, which targeted at least 14 US airports, taking many of their websites offline.

Hacktivist efforts have not all been flowing one way. Early on in the war, the Ukrainian government called on global supporters to join an “IT Army” run from a Telegram account, which coordinates DDoS targets.
