Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

Systems Affected

  • Domain Controllers
  • File Servers
  • Email Servers

 

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

For a downloadable copy of IOC packages and associated files, see:

Contact DHS or law enforcement immediately to report an intrusion and to request incident response resources or technical assistance. Please click on the link below for the full article.

Source: https://www.us-cert.gov/ncas/alerts/TA18-074A

Multiple Ransomware Infections Reported

US-CERT has received multiple reports of ransomware infections in several countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.

Users and administrators are encouraged to review the US-CERT Alert TA16-091A to learn how to best protect against ransomware. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).

Source: https://www.us-cert.gov/ncas/current-activity/2017/05/12/Multiple-Ransomware-Infections-Reported

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in its IOS, IOS XE, and IOx Software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

Source: https://www.us-cert.gov/ncas/current-activity/2017/03/22/Cisco-Releases-Security-Updates

Aviation Phishing Scams

US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.

US-CERT encourages users and administrators to review an airline Security Advisory and US-CERT’s Security Tip ST04-014 for more information on phishing attacks.

Source: https://www.us-cert.gov/ncas/current-activity/2017/03/23/Aviation-Phishing-Scams

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Digital Editions, and Campaign. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-04, APSB17-05, and APSB17-06 and apply the necessary updates.

Source: https://www.us-cert.gov/ncas/current-activity/2017/02/14/Adobe-Releases-Security-Updates

Oracle Releases Security Bulletin

Oracle has released its Critical Patch Update for January 2017 to address 270 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle January 2017 Critical Patch Update and apply the necessary updates.

Source: https://www.us-cert.gov/ncas/current-activity/2017/01/18/Oracle-Releases-Security-Bulletin

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Source: https://www.us-cert.gov/ncas/current-activity/2016/12/13/Adobe-Releases-Security-Updates