Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity

CISA, in collaboration with the following organizations, co-authored this joint fact sheet:

• Federal Bureau of Investigation (FBI)
• National Security Agency (NSA)
• Environmental Protection Agency (EPA)
• Department of Energy (DOE)
• United States Department of Agriculture (USDA)
• Food and Drug Administration (FDA)
• Multi-State Information Sharing and Analysis Center (MS-ISAC)
• Canadian Centre for Cyber Security (CCCS)
• United Kingdom’s National Cyber Security Centre (NCSC-UK)

This fact sheet provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors.

The pro-Russia hacktivist activity appears mostly limited to unsophisticated techniques that manipulate ICS equipment to create nuisance effects. However, investigations have identified that these actors are capable of techniques that pose physical threats against insecure and misconfigured OT environments.

CISA and partners encourage OT operators in critical infrastructure sectors to apply the recommendations listed in the fact sheet to defend against this activity. To learn more about secure by design principles and practices, visit CISA's Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.