Call to Action: Strengthening Critical Infrastructure Against Pro-Russia Cyber Threats



Pro-Russia hacktivist groups are presently targeting critical infrastructure in North America and Europe, as cautioned by U.S. and international authorities on Wednesday. They strongly advise operators and equipment suppliers to promptly reinforce their defensive measures.

According to the advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), these hackers have gained remote access to infrastructure entities primarily through human-machine interfaces that either relied on default factory passwords or lacked multifactor authentication. However, the advisory refrains from specifying the identities or affiliations of these attackers.

Despite the reported intrusions, the U.S. and its allies have not detected any operational disruptions, as noted by Eric Goldstein, the Executive Assistant Director for Cybersecurity at CISA, during a conference call with reporters.

This advisory follows a series of cyberattacks on American infrastructure, allegedly perpetrated by Russian hackers. Last month, the security firm Mandiant, owned by Google, released a report linking the Cyber Army of Russia, purportedly behind an attack on a water facility in rural Texas in January, to the infamous Russian state actor Sandworm. Subsequently, the same group claimed responsibility for a cyberattack on a water plant in Indiana.

Referring to the Texas incident, the CISA document highlights intrusions into water systems that caused pumps to exceed normal operating parameters or disabled alarms. Although some victims experienced minor tank overflow incidents, most quickly restored operations by reverting to manual controls in the aftermath.

Goldstein clarified that the federal government is not currently linking the recent malicious activities to Sandworm but is continuously analyzing the evolving threat landscape.

When questioned about the potential influence of Washington's support for Ukraine in its conflict with Russia on these hacking activities, Goldstein emphasized that Russian hacktivist groups have publicly declared their intent to undertake such actions in support of the Russian regime.

Goldstein called upon the vendor community to incorporate enhanced security controls as default features in their technology products to mitigate such breaches. He stressed the importance of immediately changing factory default passwords upon installation and implementing multifactor authentication, aligning with the security standards outlined in the National Cybersecurity Strategy from the previous year and CISA's "Secure by Design" initiative.

In a statement, Dave Luber, the head of the National Security Agency’s Cybersecurity Directorate, urged administrators at critical infrastructure organizations to adopt the mitigations outlined in the report, particularly emphasizing the necessity of changing default passwords to fortify their cybersecurity posture and reduce vulnerability to such targeting.
