ClearDATA Analysis of Russian State-Sponsored Cyber Aggression

Over the past few weeks, the US Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with other federal agencies, has released multiple notifications outlining offensive cyber operations conducted by Russian state-sponsored threat actors and their strategic allies against Ukraine, the United States, and NATO allies. These notifications and other mainstream outlets also warn of the potential for additional targeted attacks against US critical infrastructure and enterprises in retaliation for US intervention in the ongoing invasion of Ukraine.

Most recently, ClearDATA research has focused on the following threat actors, either directly or loosely affiliated with Russian cyber aggression:

  • The Main Directorate of the General Staff (GRU)
    • Unit 26165
    • Unit 74455
    • Unit 5477
  • Foreign Intelligence Service (SVR)
  • Federal Security Service (FSB)
    • 18th Center
  • Other related groups
    • MOIS
    • UNC1151
    • Conti RAS

ClearDATA continues to collect and analyze these notifications and alerts, along with other intelligence. We continue to inform our customers with in-depth analysis and detail of how we are deploying additional security measures and creating new solutions for advanced threats.

As a general service to the healthcare community, we suggest the following short- and long-term actions:

Short Term Actions:

  • Put your security and IT operations teams on high alert for any suspicious behavior.
  • Examine your networks and update firewall configurations with the latest guidance from CISA, the FBI, and your firewall vendor.
  • Consult your data maps and fortify systems that transmit, store, or process sensitive data.
  • Scan your assets and patch vulnerable systems.
  • If you’re running unnecessary assets, shut them down.
  • Rotate passwords for all users and, where possible, service accounts and keys.
  • Make sure you implement multi-factor authentication as soon as possible.
  • Make sure your data and your applications are backed up and in a safe location (away from your production systems).
  • Enhance your operational and security monitoring.
  • Share with your workforce how to identify threats, including avoiding phishing attacks and malware.

Longer-Term Actions:

  • Inventory your technical assets and ensure they are maintained, monitored, and managed.
  • Eliminate the use of end-of-life systems that no longer have manufacturer support.
  • Use hardened compute images devoid of unnecessary open ports, services, and software.
  • Start a data discovery and mapping project if you don’t know where your data is.
  • Hire more cybersecurity talent, or find a great partner to help in this area.
  • Alter your data models to reduce the blast radius of a successful intrusion.

ClearDATA customers have and will continue to receive additional intelligence reports and protective measures.

Connect with a cybersecurity expert to learn more about this and other threat intelligence and protective measures sponsored by ClearDATA.
