‘A storm on the horizon’: Five Eyes issue Russian cyberattack warning

A Russian cyberattack on critical infrastructure could be imminent, the Five Eyes security alliance has warned.

By Claudia Glover

Critical national infrastructure is at “increased risk of malicious cyber activity” perpetrated by Russia, according to a warning by the UK and its allies in the ‘Five Eyes’ security alliance. A rare joint advisory from the Five Eyes nations states that the war in Ukraine and the sanctions imposed on Russia mean the threat to infrastructure has increased in recent days.

The NCSC and its Five Eyes counterparts have issued a fresh warning over Russian cyberattacks. (Photo by Carl Court/Getty Images)

“Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks,” reads the statement issued by the UK’s National Cyber Security Centre (NCSC), its US equivalent CISA and their colleagues in Australia, New Zealand and Canada late on Wednesday.

The advisory names Russian government organisations including its Foreign Intelligence Service (FSB), the Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU) and the Russian Ministry of Defence, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM) as potential perpetrators of attacks, and details previous attacks, as well as ways to mitigate future malicious activity.

Cybercrime gangs listed in the report include the CoomingProject, Killnet, Mummy Spider, Salty Spider, Scully Spider, Smokey Spider, Wizard Spider and the Xaknet Team, many of which have publicly announced their support of Russia’s war in Ukraine.

“Threats to critical infrastructure remain very real,” said NSA cybersecurity director Rob Joyce. “The Russia situation means you must invest and take action.”

Is a Russian cyberattack on critical infrastructure imminent?

Fears of increased Russian cyber activity have been raised since the war in Ukraine began, but so far attacks have had limited impact. Experts told Tech Monitor that most attacks relating to the conflict have been “no more than a nuisance”. The statement from the Five Eyes countries suggests this could be changing.

“This is certainly a serious concern for the US, UK, and their allies and deserves to be taken more seriously than your average bulletin,” says Chet Wisniewski, principal research scientist at security company Sophos.

Sophisticated cyber weapons have not been used against Western critical national infrastructure yet, but Poppy Gustafsson, CEO of security company Darktrace, says the action of the Five Eyes allies suggests such an attack is inevitable.

“We can say with a degree of confidence that the Russian state and state-affiliated actors have novel and destructive cyberattacks in their arsenal and it is only a matter of time before these are deployed,” Gustafsson says. “The warning from the Five Eyes serves as another reminder of the urgency with which defenders must act to ensure their digital assets are protected.”

How will critical national infrastructure be protected?

CISA in the US has issued “shields up” guidance, a set of technical guidance notes to help US organisations fend off attacks by Russian affiliates. These include enforcing multi-factor authentication and disabling ports and protocols that are not essential. Gustafsson says these measures are unlikely to go far enough in the face of a sustained attack. “These defenders can only take a ‘shields up’ approach so far – we must augment security teams with advanced technology that can spot, stop and investigate attacks on their behalf,” she argues.

As part of the Five Eyes warning, Lindy Cameron, CEO of the NCSC, said it is “vital that all organisations accelerate plans to raise their overall cyber resilience, particularly those defending our most critical assets.” But if an organisation or element of critical national infrastructure is not currently appropriately protected, it is probably too late, explains Chris Grove, director of cybersecurity strategy at Nozomi Networks: “If operators of critical infrastructure aren’t already doing those things, they should stop now, assume they’ve been breached, and start thinking about resilience, consequence reduction, and the impact to safety,” he says.

Grove continues: “The message should be loud and clear, Russian nexus-state actors are on the prowl, cyberspace has become a messy, hot war-zone, and everyone should be prepared for an attack from any direction. I believe that the primary goal of this alert is to ring that bell in the city square letting everyone know there’s a storm on the horizon.”
