CISA Alert AA22-083A – TTPs of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector.

This joint Cybersecurity Advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted US and international Energy Sector organizations. CISA, the FBI, and DOE assess that state-sponsored Russian cyber operations continue to pose a threat to Energy Sector networks and are sharing this information in order to highlight TTPs used by adversaries to target Energy Sector organizations. They urge the Energy Sector and other critical infrastructure organizations to apply the recommendations listed in the Mitigations Section and Appendix Alpha of the alert documentation to reduce the risk of compromise. 

AA22-083A Alert, Technical Details, and Mitigations

Russian Government Employees Charged for Hacking Critical Infrastructure

CISA Shields Up Technical Guidance

Mitigating Russian State-Sponsored Cyber Threats to US Critical Infrastructure

Rewards for Justice Program

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

If you have information on state-sponsored Russian cyber operations targeting US critical infrastructure, contact the Department of State’s Rewards for Justice program. You may be eligible for a reward of up to $10 million for information leading to the identification or location of any person who, while acting under the direction or control of a foreign government, participates in malicious cyber activity against US critical infrastructure. Contact +1-202-702-7843 on WhatsApp, Signal, or Telegram, or send information via the Rewards for Justice secure Tor-based tips line located on the Dark Web. For more details refer to the Rewards for Justice website.