One of the UK’s leading security agencies has sounded the alarm over “state-aligned” Russian groups which could launch destructive attacks on critical national infrastructure (CNI).
The National Cyber Security Centre (NCSC) said in the alert that such groups usually focus on DDoS, web defacement and spreading misinformation, but that they may progress to “destructive and disruptive attacks” on CNI if they see the opportunity.
“In the wake of this emerging threat, our message to CNI sectors is to take sensible, proportionate steps now to protect themselves,” argued Marsha Quallo-Wright, NCSC deputy director for critical national infrastructure.
“The NCSC has produced advice for organizations on steps to take when the cyber threat is heightened, and I would strongly encourage all CNI organizations to follow this now.”
State-aligned groups are not financially motivated or formally state controlled, meaning their actions are “less constrained and their targeting broader” than traditional cyber-criminals, the NCSC warned, adding that this makes them less predictable.
However, the threat from Russian state actors today is also very real. A joint advisory from the NCSC, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI on Tuesday warned of continued efforts by a military APT group to compromise Cisco routers.
APT28, which operates out of the Russian military intelligence service GRU, has been exploiting the legacy bug CVE-2017-6742 since 2021 to install a custom backdoor named Jaguar Tooth, the agencies claimed.
Deployed previously against a small number of organizations based in Europe, as well as US government institutions and around 250 Ukrainian victims, the malware apparently enables unauthenticated access to targeted devices for reconnaissance purposes.
“This malicious activity by APT28 presents a serious threat to organizations, and the UK and our US partners are committed to raising awareness of the tactics and techniques being deployed,” said NCSC director of operations, Paul Chichester.
“We strongly encourage network defenders to ensure the latest security updates are applied to their routers and to follow the other mitigation steps outlined in the advisory to prevent compromise.”
These mitigation measures include keeping devices and networks up to date, following password management best practices, and monitoring and logging commands executed on network devices.
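The three mitigations above map directly onto Cisco IOS configuration. The fragment below is an added illustration, not text from the advisory or the NCSC; it contrasts a weak SNMP setup with a hardened one (CVE-2017-6742 is a flaw in the IOS SNMP subsystem, so restricting and upgrading SNMP is the relevant control) and turns on logging of every configuration command. The management-host address 192.0.2.10, syslog collector 192.0.2.20, and the group, user and ACL names are constructed values; the passphrases are placeholders.

```cisco
! Weak (constructed "before" state): SNMPv2c with guessable community strings,
! accepted from any source address, and no record of who ran which command.
snmp-server community public RO
snmp-server community private RW

! Hardened: remove the community strings, restrict SNMP to one management host,
! and move to SNMPv3 with authentication and encryption.
no snmp-server community public
no snmp-server community private
ip access-list standard SNMP-MGMT
 permit host 192.0.2.10
 deny any log
snmp-server group NMS-GROUP v3 priv access SNMP-MGMT
snmp-server user nms-poller NMS-GROUP v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>

! Record every configuration command (user, line and command text) and ship it
! to syslog; hidekeys keeps secrets out of the log entries.
archive
 log config
  logging enable
  notify syslog contents
  hidekeys
logging host 192.0.2.20

! Log both failed and successful interactive logins on the device.
login on-failure log
login on-success log

! Verification (privileged exec, not configuration mode):
!   show snmp user              -> only nms-poller, v3, auth+priv
!   show archive log config all -> one entry per configuration command
```

If a device has no need for SNMP at all, `no snmp-server` removes the service entirely, which is the stronger option where monitoring is not required.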