NCSC Warns of Destructive Russian Attacks on Critical Infrastructure

One of Britain’s main security agencies has sounded the alarm on a “state-affiliated” Russian group that could mount devastating attacks on critical national infrastructure (CNI).

The National Cyber Security Centre (NCSC) said in a warning that such groups typically focus on DDoS, web defacement and the spread of misinformation, but would be “disruptive and destructive” to the CNI if given the chance. It is said that there is a possibility that it may proceed to a

“In the face of this new threat, our message to the CNI sector is to take sensible and balanced steps to protect yourself,” said Marsha Quarorite, NCSC’s Deputy Director for Critical National Infrastructure.

“The NCSC has developed advice for organizations on what to do when cyber threats rise. We strongly encourage all CNI organizations to follow it.”

Because state-led groups are not financially motivated or subject to formal state control, their actions are “less constrained and broadly targeted” than those of traditional cybercriminals, the NCSC warned, adding that this makes them difficult to predict.

But the threat posed by Russian state actors today is also very real. A joint advisory by the NCSC, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the FBI warned Tuesday of continued attempts by a military APT group to break into Cisco routers.

APT28, which operates out of the Russian military intelligence service GRU, has been exploiting the legacy bug CVE-2017-6742 to install a custom backdoor, Jaguar Tooth, since 2021, the authorities claim.

For more on APT28, see: Cisco: Destructive VPNFilter malware infected 500,000 devices.

Previously deployed against a handful of European-based organizations, US government agencies, and approximately 250 Ukrainian victims, the malware appears to have allowed unauthenticated access to targeted devices for reconnaissance purposes.

“This malicious activity by APT28 poses a serious threat to organizations. Our partners in the UK and US are working to raise awareness of the tactics and techniques being deployed,” said NCSC Operations Director Paul Chichester.

“Network defenders are strongly encouraged to ensure their routers have the latest security updates and follow other mitigation steps in the advisory to prevent security breaches.”

These mitigations include keeping devices and networks up to date, following password management best practices, and monitoring and logging commands executed on network devices.
