TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
Original release date: March 15, 2018 | Last revised: March 16, 2018

Systems Affected

Domain Controllers
File Servers
Email Servers

Overview
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

For a downloadable copy of IOC packages and associated files, see:

TA18-074A_TLP_WHITE.csv
TA18-074A_TLP_WHITE.stix.xml
MIFR-10127623_TLP_WHITE.pdf
MIFR-10127623_TLP_WHITE_stix.xml
MIFR-10128327_TLP_WHITE.pdf
MIFR-10128327_TLP_WHITE_stix.xml
MIFR-10128336_TLP_WHITE.pdf
MIFR-10128336_TLP_WHITE_stix.xml
MIFR-10128830_TLP_WHITE.pdf
MIFR-10128830_TLP_WHITE_stix.xml
MIFR-10128883_TLP_WHITE.pdf
MIFR-10128883_TLP_WHITE_stix.xml
MIFR-10135300_TLP_WHITE.pdf
MIFR-10135300_TLP_WHITE_stix.xml

Contact DHS or law enforcement immediately to report an intrusion and to request incident response resources or technical assistance.