UPDATE: On April 20, CISA, in conjunction with the FBI, NSA and the cyber entities of the Five Eyes, issued a comprehensive advisory concerning Russian state-sponsored cyber attacks targeting critical infrastructure, which could impact entities in Ukraine and beyond.
The 20-page guide is described as, “the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February.”
Jen Easterly, CISA Director commented, “We know that malicious cyber activity is part of the Russian playbook. We also know that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure. Today’s cybersecurity advisory released jointly by CISA and our interagency and international partners reinforces the demonstrated threat and capability of Russian state-sponsored and Russian aligned cyber-criminal groups to our Homeland. We urge all organizations to review the guidance in this advisory as well as visit www.cisa.gov/shields-up for continually updated information on how to protect yourself and your business.”
Today, the Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) issued a warning to all cleared defense contractors that their networks were being actively targeted by Russian state-sponsored actors in an effort to obtain sensitive defense information and technologies. CISA Alert AA22-047A goes on to highlight that size is not a determinant of Russian targeting: both small and large cleared defense contractors (CDCs) are being targeted within both the DoD and the Intelligence Community.

Per this Alert, the technologies and support efforts involving CDCs in the following areas are specifically being targeted:

  • Command, control, communications, and combat systems;
  • Intelligence, surveillance, reconnaissance, and targeting;
  • Weapons and missile development;
  • Vehicle and aircraft design; and
  • Software development, data analytics, computers, and logistics

To date, CISA advises that CDC entities “supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and DoD and Intelligence programs” have been compromised during the sustained efforts of the Russian state-sponsored actors over the course of the past two years (January 2020 through February 2022). The level of compromise has included maintaining a persistent presence in some networks for as long as six months. Investigatory efforts by the FBI, NSA, and CISA have been able to document the “recurring exfiltration of emails and data.”

CISO and FSO guidance

CISOs and FSOs should familiarize themselves with the Tactics, Techniques, and Procedures (TTPs) of the adversaries and apply the Alert’s recommendations to their own environment. Emphasis was placed on how the Russian actors use a number of techniques to obtain credentials, including spear-phishing and credential harvesting, and then use brute force to locate valid account credentials. That pattern drives home the need for unique credentials and multi-factor authentication on both classified and unclassified networks.

Employees should be reminded that even though unclassified internal communications may not contain “classified” information, such emails may include proprietary or otherwise sensitive information that has no business being in the hands of Russia or any other adversarial nation. To that end, remind employees that they do not get to decide whether they are the adversary’s target; that determination is dictated by the adversary. Therefore, it is of the utmost importance that sound cyber hygiene practices be in place and followed.

While the Alert highlights industrial sectors associated with Weapons and Missile Development, Vehicle and Aircraft Design, Software Development and Information Technology, Data Analysis, and Logistics, the threat from the Russian cyber actors is not limited to those sectors. Similarly, the CDC community’s unclassified communications carry a wealth of sensitive information, and adversaries have displayed interest in acquiring email, contract details, product development, tests and timelines, foreign partnerships, and funding.

Director of CISA, Jen Easterly, highlighted today’s warning with a well-timed Tweet, where she urged “#shieldsup”.

In closing, the Alert highlights four “must” actions to protect against the Russian state-sponsored efforts.

  • Enforce multifactor authentication
  • Enforce strong, unique passwords
  • Enable M365 unified audit logs
  • Implement endpoint detection and response tools
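The Alert’s observation that the actors brute-force their way to valid credentials, together with its call to enable M365 unified audit logs, is also the defender’s detection opportunity: once sign-in records are being collected, a password spray (one source failing against many accounts) and a brute-force run (many failures against one account) are both visible, and a success from a source already seen spraying is the event that says a valid credential was located. The Python below is an added example, not code from CISA, the Alert or this article; it runs those three heuristics over constructed sign-in records (every user, IP address and timestamp is invented) in a simplified one-line-per-event format, and the ten-minute window and the thresholds of five are assumed values a tenant would tune.

```python
"""Password-spray / brute-force heuristics over sign-in records.

Added example (not from CISA Alert AA22-047A). The log format below is an
assumption: one event per line as "<ISO-8601 time> <user> <source ip> <result>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records; every account, IP and time is invented.
SAMPLE_LOG = """\
2022-02-16T08:00:01Z alice@example.test 203.0.113.7 FAILURE
2022-02-16T08:00:04Z bob@example.test 203.0.113.7 FAILURE
2022-02-16T08:00:09Z carol@example.test 203.0.113.7 FAILURE
2022-02-16T08:00:15Z dave@example.test 203.0.113.7 FAILURE
2022-02-16T08:00:20Z erin@example.test 203.0.113.7 FAILURE
2022-02-16T08:00:27Z frank@example.test 203.0.113.7 SUCCESS
2022-02-16T08:05:00Z alice@example.test 198.51.100.23 FAILURE
2022-02-16T08:05:30Z alice@example.test 198.51.100.23 FAILURE
2022-02-16T08:06:00Z alice@example.test 198.51.100.23 FAILURE
2022-02-16T08:06:30Z alice@example.test 198.51.100.23 FAILURE
2022-02-16T08:07:00Z alice@example.test 198.51.100.23 FAILURE
2022-02-16T08:07:30Z alice@example.test 198.51.100.23 FAILURE
2022-02-16T09:00:00Z grace@example.test 192.0.2.44 SUCCESS
2022-02-16T09:30:00Z grace@example.test 192.0.2.44 FAILURE
"""


def parse_log(text):
    """Parse the assumed one-line format into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user.lower(),   # normalise so Alice@ and alice@ are one account
            "ip": ip,
            "ok": result == "SUCCESS",
        })
    events.sort(key=lambda e: e["time"])
    return events


def detect(events, window=timedelta(minutes=10), spray_users=5, brute_failures=5):
    """Return (kind, key, detail) findings, each source/account flagged once.

    password_spray      - one source IP fails against >= spray_users distinct
                          accounts inside a trailing window
    brute_force         - one account accumulates >= brute_failures failures
                          inside a trailing window, from any source
    success_after_spray - a source already flagged for spraying then signs in
                          successfully: the credential it found is valid
    """
    findings = []
    fails_by_ip = defaultdict(list)    # ip -> [(time, user)] within the window
    fails_by_user = defaultdict(list)  # user -> [time] within the window
    flagged_ips, flagged_users = set(), set()

    for e in events:
        t = e["time"]
        if e["ok"]:
            if e["ip"] in flagged_ips:
                findings.append(("success_after_spray", e["ip"], e["user"]))
            continue

        # Trim each trailing window to the failures still inside it.
        fails_by_ip[e["ip"]] = [(ft, fu) for ft, fu in fails_by_ip[e["ip"]]
                                if t - ft <= window] + [(t, e["user"])]
        distinct = {fu for _, fu in fails_by_ip[e["ip"]]}
        if len(distinct) >= spray_users and e["ip"] not in flagged_ips:
            flagged_ips.add(e["ip"])
            findings.append(("password_spray", e["ip"], sorted(distinct)))

        fails_by_user[e["user"]] = [ft for ft in fails_by_user[e["user"]]
                                    if t - ft <= window] + [t]
        if (len(fails_by_user[e["user"]]) >= brute_failures
                and e["user"] not in flagged_users):
            flagged_users.add(e["user"])
            findings.append(("brute_force", e["user"], e["ip"]))
    return findings


if __name__ == "__main__":
    for kind, key, detail in detect(parse_log(SAMPLE_LOG)):
        print(f"{kind:20s} {key:22s} {detail}")
```

On the constructed records this flags 203.0.113.7 for spraying five accounts inside half a minute, then flags frank’s sign-in from that address as the spray having found a valid password, and flags alice for six rapid failures. The per-account counter deliberately ignores the source address, because a spray that rotates through many sources against one account still exceeds the account-level threshold; the success-after-spray finding is the one that MFA, the Alert’s first “must” action, is meant to neutralise, since a located password alone should not complete the sign-in.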

Download the 19-page PDF of the joint cybersecurity advisory, February 16, 2022, AA22-047A.


Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com.