The report from the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation claims that these advanced hackers have created custom tools for targeting such systems.
The agencies urged "critical infrastructure organizations, especially energy sector organizations," to implement the detection and mitigation recommendations addressed in the alert to detect potential malicious threats and harden their industrial control system and supervisory control and data acquisition devices.
The report includes technical explanations as to how these organizations might combat cyberattacks aimed at systems like Schneider Electric programmable logic controllers, OMRON Sysmac NEX programmable logic controllers and Open Platform Communications Unified Architecture servers.
Using the custom tools, the hackers could disrupt critical systems and functions, the agencies said in the report.
"The tools enable them to scan for, compromise and control affected devices once they have established initial access to the operational technology network," the report said. "Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology or [operational technology] environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities."
The report does not include specifics as to what groups could pose such a threat.
Last month, President Joe Biden said that his office has "evolving intelligence that the Russian government is exploring options for potential cyberattacks" in response to international sanctions.
To hammer home its point about the dangers of Russian nation-state-backed cybercrime, the U.S. Department of Justice unsealed an August 2021 indictment, days after Biden's statement, charging four Russian government employees with orchestrating sprawling hacking schemes targeting the global energy sector in 135 different countries between 2012 and 2017.
The Russian suspects are accused of targeting oil and gas firms, nuclear power plants, and utility and power transmission companies in attacks that could have given Russia the chance to cause "potentially catastrophic" physical damage, prosecutors said.
Since Russia's invasion of Ukraine, which began in late February, a cyberattack on U.S critical infrastructure at the level of several high-profile 2021 intrusions has yet to emerge. Criminal ransomware gangs breached networks belonging to a key fuel pipeline and a meat processing giant in May 2021 alone.
CISA and U.S. law enforcement agencies have been making an effort recently to share information about cyberthreats with potential targets, both publicly and in classified briefings, while urging companies to report data breaches even when they may not be mandated by law to do so, administration officials say.
The warning about Russian activity in cyberspace is the latest move by the Biden administration to proactively notify the public about cybercrime risks before a major incident unfolds.
In February, for instance, the White House cautioned businesses about a flaw in Log4j, a common piece of software used to record activities within the computer systems of millions of consumer-facing devices. The vulnerability allows an attacker to remotely take over a victim's systems and put in place malicious code that could be activated later, leaving open the possibility that an intrusion could be uncovered months or years after the initial attack, federal officials said.
The government's push to bring more attention to cybersecurity risks comes as the pace of cybercrime continues to rise, with attackers taking advantage of security gaps stemming from employees working from home amid the COVID-19 pandemic.
--Additional reporting by Hailey Konnath and Ben Kochman. Editing by Michael Watanabe.
For a reprint of this article, please contact reprints@law360.com.
