2 Remove Virus

U.S. and allies issue new guidance to defend critical infrastructure from Russian cyberattacks

Cybersecurity agencies from the United States and eight allied countries have released a joint advisory warning that Russian state-backed hackers are actively targeting critical infrastructure by exploiting vulnerable internet-connected devices. The guidance provides organizations with practical recommendations to strengthen their defenses against ongoing intrusion campaigns attributed to Russia’s Federal Security Service (FSB).

 

 

The advisory was issued by the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and partner agencies from Australia, Canada, Estonia, Finland, France, Italy, New Zealand, and the United Kingdom. The agencies attribute the activity to FSB Center 16, a Russian intelligence unit also tracked by cybersecurity researchers as APT28 or BlueDelta.

According to the advisory, the attackers focus on internet-facing routers and network edge devices that are either outdated or improperly configured. Once inside a network, they attempt to establish persistent access, move laterally through connected systems, and position themselves for intelligence gathering or future disruptive operations targeting critical infrastructure.

The agencies urge organizations to replace unsupported networking equipment, install security updates as soon as they become available, disable unnecessary internet-facing services, and enforce strong authentication for administrative accounts. Administrators are also encouraged to segment operational technology from corporate IT networks, continuously monitor network activity for suspicious behavior, and review device configurations for unauthorized changes.

The guidance recommends using phishing-resistant multi-factor authentication wherever possible, limiting administrative privileges, maintaining offline backups of critical configurations, and collecting detailed logs to improve incident detection and forensic investigations. Organizations are also advised to remove default credentials, restrict remote management interfaces, and regularly audit devices exposed to the internet.

Officials said the advisory is intended to help operators of critical infrastructure reduce the likelihood of successful compromises as Russian cyber operations continue to target sectors considered strategically important. The warning applies to organizations responsible for essential services, including energy, water, transportation, communications, healthcare, and government systems.