{"id":7729,"date":"2022-05-13T11:50:37","date_gmt":"2022-05-13T18:50:37","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7729"},"modified":"2022-05-13T11:50:37","modified_gmt":"2022-05-13T18:50:37","slug":"russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\/","title":{"rendered":"Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) AA22-110A on April 20, 2022. The objective of this CSA is to warn organizations that Russia\u2019s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may be driven in response to the massive and unprecedented economic costs imposed on Russia, as well as material support provided by the United States and other allies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Intelligence data indicates that the Russian government is looking at options for potential cyberattacks. Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks and multiple instances of deployment of destructive malware against Ukrainian government and critical infrastructure organizations.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Beyond state organizations, some groups which are part of organized crime have also recently and visibly pledged support for the Russian government. These Russian-aligned organized crime groups have threatened to conduct cyber operations in retaliation for cyber offensives against the Russian government and people. 
Some of these organized crime groups have also threatened to conduct cyber operations against countries and organizations that are providing material support to Ukraine. Very recently, organized crime groups have conducted disruptive attacks against Ukrainian websites. This is very likely in support of the ongoing Russian military offensive.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities urge critical infrastructure network defenders to prepare for these potential cyber threats. This requires increased due diligence to harden cyber defense and to put in place the tools and processes to more rapidly and effectively identify indicators of malicious activity.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Recommended mitigations and initiatives to reduce risk include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Prioritize patching of all systems against known Common Vulnerabilities and Exposures (CVEs), ideally supported by a centralized patch management system.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Deploy multifactor authentication (MFA) for all systems and applications which require strong passwords. Do not allow the same passwords to be used across multiple accounts.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Secure and monitor Remote Desktop Protocol (RDP) and other risky services. RDP is often deployed and left unnoticed, with default passwords and relatively easy port access. If RDP is deemed operationally necessary, restrict the originating sources and require MFA to mitigate credential theft and reuse.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Provide end-user awareness and training. 
Much of the exposure to phishing and ransomware targets users at the endpoints, generally as a result of well-thought-out social engineering and targeting. Phishing is one of the top infection vectors for ransomware, and Russian state-sponsored APT actors have conducted successful spear phishing campaigns to gain credentials of target networks.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">To read the CISA alert directly, please refer to this <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-110a\"><span style=\"font-weight: 400;\">direct access link<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For more information on Russian state-sponsored cyber activity, see CISA\u2019s <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/russia\"><span style=\"font-weight: 400;\">Russia Cyber Threat Overview and Advisories<\/span><\/a><span style=\"font-weight: 400;\"> webpage. For more information on the heightened cyber threat to critical infrastructure organizations, there are many additional resources:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Cybersecurity and Infrastructure Security Agency (CISA) <\/span><a href=\"https:\/\/www.cisa.gov\/shields-up\"><span style=\"font-weight: 400;\">Shields Up<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/shields-technical-guidance\"><span style=\"font-weight: 400;\">Shields Up Technical Guidance<\/span><\/a><span style=\"font-weight: 400;\"> webpages\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Australian Cyber Security Center\u2019s (ACSC) Advisory <\/span><a href=\"https:\/\/www.cyber.gov.au\/acsc\/view-all-content\/advisories\/2022-02-australian-organisations-should-urgently-adopt-enhanced-cyber-security-posture\"><span style=\"font-weight: 400;\">Australian 
Organizations Should Urgently Adopt an Enhanced Cyber Security Posture<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Canadian Center for Cyber Security (CCCS) Cyber Threat Bulletin <\/span><a href=\"https:\/\/cyber.gc.ca\/en\/guidance\/cyber-threat-bulletin-cyber-centre-urges-canadian-critical-infrastructure-operators-raise\"><span style=\"font-weight: 400;\">Cyber Center urges Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">National Cyber Security Center New Zealand (NZ NCSC) General Security Advisory <\/span><a href=\"https:\/\/www.ncsc.govt.nz\/newsroom\/gsa-2022-2940\/\"><span style=\"font-weight: 400;\">Understanding and preparing for cyber threats relating to tensions between Russia and Ukraine<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">United Kingdom\u2019s National Cyber Security Center (NCSC-UK) <\/span><a href=\"https:\/\/www.ncsc.gov.uk\/news\/organisations-urged-to-bolster-defences\"><span style=\"font-weight: 400;\">guidance<\/span><\/a><span style=\"font-weight: 400;\"> on how to <\/span><a href=\"https:\/\/www.ncsc.gov.uk\/guidance\/actions-to-take-when-the-cyber-threat-is-heightened\"><span style=\"font-weight: 400;\">bolster cyber defenses<\/span><\/a><span style=\"font-weight: 400;\"> in light of the Russian cyber threat<\/span><\/li>\n<\/ul>\n<p><b>DNS Remains Under Fire<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Under its recommendations for protective controls and architecture, CISA noted within the alert that organizations should:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implement a firewall and configure it to block Domain Name System (DNS) responses 
from outside the enterprise network or drop Internet Control Message Protocol (ICMP) packets. Review which admin services need to be accessible externally and allow those explicitly, blocking all others by default.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">U.S. Defense Industrial Base organizations may sign up for the NSA Cybersecurity Collaboration Center\u2019s Protective Domain Name System (PDNS) services.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">In March 2022, ICS Advisory ICSA-21-103-13 noted that the DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory. <\/span><a href=\"http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2020-27736\"><span style=\"font-weight: 400;\">CVE-2020-27736<\/span><\/a><span style=\"font-weight: 400;\"> has been assigned to this vulnerability.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Earlier, in January 2022, an update to ICS Advisory ICSA-21-203-14 noted that, in this case, the DNS client does not properly randomize UDP port numbers of DNS requests. This could allow an attacker to poison the DNS cache or spoof DNS resolution. 
<\/span><a href=\"http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2021-27393\"><span style=\"font-weight: 400;\">CVE-2021-27393<\/span><\/a><span style=\"font-weight: 400;\"> has been assigned to this vulnerability.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A June 2021 <\/span><a href=\"https:\/\/info.infoblox.com\/resources-whitepapers-gartner-how-can-organizations-use-dns-to-improve-their-security-posture.html\"><span style=\"font-weight: 400;\">Gartner report<\/span><\/a><span style=\"font-weight: 400;\"> recommends organizations leverage DNS logs for threat detection and forensic purposes with their Security Information and Event Management platforms.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To find out more about how Infoblox can help protect your DNS infrastructure, please reach out to us via <\/span><a href=\"https:\/\/info.infoblox.com\/contact-form\/\"><span style=\"font-weight: 400;\">https:\/\/info.infoblox.com\/contact-form\/<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7683 size-full\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/shields-up.png\" alt=\"\" width=\"512\" height=\"137\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/shields-up.png 512w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/shields-up-300x80.png 300w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Russia\u2019s invasion of Ukraine could impact organizations both within and beyond the region, to include <\/span><a href=\"https:\/\/www.cisa.gov\/uscert\/russia\"><span style=\"font-weight: 400;\">malicious cyber activity<\/span><\/a><span style=\"font-weight: 400;\"> against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. 
Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization\u2014large and small\u2014must be prepared to respond to disruptive cyber incidents. As the nation\u2019s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as a warning to prevent other organizations and entities from falling victim to a similar attack.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Organizations should report anomalous cyber activity and\/or cyber incidents 24\/7 to report@cisa.gov or (888) 282-0870.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) AA22-110A on April 20, 2022. The objective of this CSA is to warn organizations that Russia\u2019s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. 
This [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":3087,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[341,641,696,665,333,360],"class_list":{"0":"post-7729","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-russian-state-sponsored","9":"tag-russian-cyber-attack","10":"tag-infrastructure-attack","11":"tag-cyber-attack","12":"tag-cyberattack","13":"tag-dns-security","14":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure<\/title>\n<meta name=\"description\" content=\"Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure. The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) AA22-110A on April 20, 2022. The objective of this CSA is to warn organizations that Russia\u2019s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. 
This activity may be driven in response to the massive and unprecedented economic costs imposed on Russia, as well as material support provided by the United States and other allies.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure\" \/>\n<meta property=\"og:description\" content=\"Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure. The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) AA22-110A on April 20, 2022. The objective of this CSA is to warn organizations that Russia\u2019s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. 
This activity may be driven in response to the massive and unprecedented economic costs imposed on Russia, as well as material support provided by the United States and other allies.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-13T18:50:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Security-Methodologies.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Zuckerman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Zuckerman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/\"},\"author\":{\"name\":\"Michael Zuckerman\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\"},\"headline\":\"Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure\",\"datePublished\":\"2022-05-13T18:50:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/\"},\"wordCount\":986,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Security-Methodologies.jpg\",\"keywords\":[\"Russian state-sponsored\",\"russian cyber attack\",\"infrastructure attack\",\"Cyber attack\",\"Cyberattack\",\"DNS Security\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/\",\"name\":\"Russian State-Sponsored and Criminal Cyber Threats to Critical 
Infrastructure\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Security-Methodologies.jpg\",\"datePublished\":\"2022-05-13T18:50:37+00:00\",\"description\":\"Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure. The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) AA22-110A on April 20, 2022. The objective of this CSA is to warn organizations that Russia\u2019s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. 
This activity may be driven in response to the massive and unprecedented economic costs imposed on Russia, as well as material support provided by the United States and other allies.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Security-Methodologies.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Security-Methodologies.jpg\",\"width\":660,\"height\":454},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/russian-state-sponsored-and-criminal-cyber-threats-to-critical-infrastructure\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Russian State-Sponsored and Criminal Cyber Threats to Critical 
Infrastructure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\",\"name\":\"Michael Zuckerman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"caption\":\"Michael Zuckerman\"},\"description\":\"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy 
consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/michael-zuckerman\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->"}