Federal agencies warn of Russian hackers targeting critical infrastructure

Federal agencies are warning about Russian hackers potentially targeting critical infrastructure in the United States.

The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency released a joint Cybersecurity Advisory on Tuesday detailing cyber operations sponsored by the Russian state, including commonly used tactics, techniques and procedures.

The advisory also outlines detection actions, incident response guidance and mitigation measures.


The agencies said they released the memo to “warn organizations of cyber threats and help the cybersecurity community reduce the risk presented by these threats.” It does not, however, mention any specific threats.

“This overview is intended to help the cybersecurity community reduce the risk presented by these threats,” the advisory adds.

The new guidance comes after White House National Cyber Director Chris Inglis testified before Congress in November that there has been a “discernible decrease” in the number of cyberattacks against U.S. companies that can be traced back to Russia.

Inglis said the reason behind the decrease was not clear. 

There have, however, been a number of cyberattacks against U.S. companies perpetrated by Russia-based groups in the past year, including against Colonial Pipeline, meat producer JBS USA and IT group Kaseya.

The Biden administration announced sanctions against Russia in April in response to the cyber espionage operation against the IT group SolarWinds, which compromised nine federal agencies and 100 private sector groups.

The advisory released on Tuesday urges the cybersecurity community, especially critical infrastructure network defenders, to “adopt a heightened state of awareness and to conduct proactive threat hunting.”

It specifically recommends that organizations prepare for potential breaches, bolster cyber postures and “increase organizational vigilance.”