UPDATED 22:21 EST / APRIL 20 2022

SECURITY

Five Eyes countries warn of Russian attacks against critical infrastructure

Countries belonging to the Five Eyes intelligence alliance have warned that Russian state-sponsored hackers and cybercriminal groups could target critical infrastructure.

The joint Cybersecurity Advisory was issued April 20 by the alliance, made up of the U.S., Australia, Canada, New Zealand and the U.K. It warned that evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks. Recent Russian state-sponsored operations have included distributed denial-of-service attacks, while older operations have included the deployment of malware targeting the Ukrainian government and critical infrastructure organizations.

The advisory claims that the activity could expose organizations both within and beyond the region and may occur as a response to the economic costs imposed on Russia through sanctions as well as materiel support provided to Ukraine by the U.S., allies and partners.

Although Russian state-sponsored hackers targeting companies in the West is not new, the advisory warns that the threat landscape is more complicated because of cybercrime groups. The advisory states that some cybercrime groups have publicly pledged support for the Russian government and have threatened to conduct cyber operations in retaliation for actions against Russia. Some groups have also said they might do the same against countries and organizations providing materiel support for Ukraine.

The full advisory details information on various Russian-associated cyber threats and cybercrime groups.

The five countries recommend that organizations take immediate action to prepare for and mitigate potential cyber threats. These include destructive malware, ransomware, DDoS attacks and cyberespionage. Organizations should harden their cybersecurity defenses and perform due diligence in identifying indicators of malicious activity.

“This release broadens the consensus on a high level of threat to the Five Eyes countries and specifically names the threat actors of concern,” Casey Ellis, founder and chief technology officer at crowdsourced cybersecurity company Bugcrowd Inc., told SiliconANGLE today. “While this is unsurprising in practice, it is visually significant. The statement reinforces Five Eyes’ position that malicious cyber activity emanating from Russia is, in general, a clear and present danger to democratic countries.”

Rick Holland, chief information security officer and vice president of strategy at digital risk solutions firm Digital Shadows Ltd., noted that the alert is more of a primer and a level set than something that reveals new information on Russian cybersecurity operations.

“The alert does provide an excellent overview of the wide range of government, military and Russian aligned threat groups,” Holland explained. “This information will benefit less mature organizations that haven’t historically tracked these threat groups.”

Tim Erlin, vice president of strategy at Tripwire Inc., a cybersecurity company serving enterprise and industrial organizations, pointed to the huge, perhaps overwhelming amount of detail in this joint advisory.

“With a broad threat like this, it’s difficult to lay out a single mitigating activity that’s likely to make a difference,” Holland said. “So much of what needs to be done falls into the category of foundational best practices, but that reality shouldn’t prevent critical infrastructure organizations from taking action.”
