Government infosec agencies in the Five-Eyes nations say there is evolving intelligence indicating that Russia is exploring cyber attacks against Western nations, as part of its war against Ukraine.
In a joint advisory, the Five-Eyes agencies said several Russian government and military organisations including the internal Federal Security Service (FSB), the Foreign Intelligence Service (SVR) and the General Staff Main Intelligence Directorate (GRU) have conducted malicious cyber operations against information and operational technology networks.
Multiple advanced persistent threat (APT) actors in Russia are believed to be targeting government, military and private sector organisations, as well as cyber security companies and journalists, the agencies said.
Some cyber crime groups have also pledged support for the Putin regime, and threatened hack attacks in retaliation for perceived Five-Eyes offensive operations against the Russian government and people.
Critical infrastructure network defenders in the Five-Eyes countries are urged to prepare for destructive malware, ransomware, distributed denial of service attacks, and cyber espionage.
A number of hacking campaigns over the past five years have been attributed to Russian government-sponsored threat actors.
FSB agents have been indicted by the US Department of Justice for accessing email accounts of government and military staff, and those of journalists and private sector employees.
The APT29 hacking group, also called COZY BEAR and NOBELIUM and several other names, is accused by the Five-Eyes agencies of being behind the high-profile SolarWinds supply chain attack.
APT28 or FANCY BEAR, active since 2004, was assessed by the US government to have deployed the Drovorub malware in 2020, to break into Linux-based computer systems.
Organisations that operate critical infrastructure are advised to apply software updates, enforce multi-factor authentication, secure and monitor their remote access software and other potentially risky services, and provide end user security awareness and training.
Five-Eyes or FVEY is an intelligence sharing alliance comprising the United States, Australia, Canada, United Kingdom and New Zealand.
Russia hovers finger over Internet disconnection button
The former Russian president Dmitry Medvedev told state-controlled news media that the country is now ready to disconnect from the global Internet, but doesn't see any reason to do so, as it would be a double-edged sword.
Medvedev's comments relate to a "sovereign internet" law that came into force in 2019, aimed at providing tighter control over the Internet in Russia.
Conversely, Medvedev warned that the US retains key rights of control to the Internet.
If an extraordinary event takes place, Medvedev said Russia could be disconnected from the Internet by the US.
Medvedev pointed to some Russian banks being ejected from the global SWIFT payments system as an example, following the country's unprovoked attack on Ukraine.