Authorities Call for Action Against Pro-Russian Hacktivist Attacks


Authorities including CISA, the FBI, the NSA, the EPA, the Department of Energy, and others are calling on operators of critical infrastructure to take immediate cybersecurity action: change all default passwords on OT (operational technology) devices, limit the exposure of OT systems to the internet, and implement multifactor authentication for all access to the OT network.

This joint advisory was published as a reaction to continued malicious cyber activity conducted by pro-Russia hacktivists, who were identified by experts as “capable of techniques that pose physical threats against insecure and misconfigured OT environments.”

The document states: “These hacktivists seek to compromise modular, internet-exposed industrial control systems (ICS) through their software components, such as human-machine interfaces (HMIs), by exploiting virtual network computing (VNC) remote access software and default passwords.”

According to Cybernews, cybersecurity experts have observed pro-Russian hacktivists gaining remote access by exploiting publicly exposed internet-facing connections and outdated VNC software, as well as using factory default passwords and weak passwords without multifactor authentication.

CISA and the FBI have responded to several US-based victims in the water sector, but most of the physical disruptions were reportedly limited: the hacktivists manipulated interfaces and altered settings, turned off alarm mechanisms, and changed administrative passwords to lock out operators.

“Historically, these hacktivists have been known to exaggerate their capabilities and impacts to targets. Since 2022, they have claimed on social media to have conducted cyber operations (such as distributed denial of service, data leaks, and data wiping) against a variety of North American and international organizations,” the report reads.

In the joint advisory, the authorities list a number of measures to protect against pro-Russian hacktivists, calling on network defenders to harden remote access to industrial interfaces, strengthen their security posture, and limit adversarial use of common vulnerabilities by reducing risk exposure. They also call on OT device manufacturers to eliminate the option of using default passwords, to mandate multifactor authentication for privileged users, and to list all the software components included in their systems.
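The three operator-side controls above (no default or weak passwords, no internet-exposed OT services such as VNC, MFA on every access path) are straightforward to turn into a recurring self-check. The script below is an added illustration written for this article; it is not code from the advisory, from CISA, or from any vendor. The asset inventory, the table of default credentials, the VNC port list and the 12-character minimum password length are all constructed assumptions a real deployment would replace with its own data.

```python
"""Audit a constructed OT asset inventory against the advisory's three operator controls.

Findings per device:
  default-credentials   username/password pair matches a known vendor default
  weak-password         password shorter than the assumed 12-character minimum
  internet-exposed-vnc  device is internet-reachable and exposes a VNC port
  internet-exposed      device is internet-reachable on some other OT service
  no-mfa                access to the device is not protected by MFA
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed sample of vendor default (username, password) pairs; a real audit
# would load this table from the operator's own vendor documentation.
DEFAULT_CREDENTIALS: set[tuple[str, str]] = {
    ("admin", "admin"),
    ("admin", "1234"),
    ("operator", "operator"),
}

# Standard VNC display ports (assumed list; extend for non-default displays).
VNC_PORTS: set[int] = {5900, 5901}

# Assumed policy threshold for "weak" passwords.
MIN_PASSWORD_LENGTH = 12


@dataclass
class OTDevice:
    name: str
    role: str                      # e.g. "HMI" or "PLC"
    username: str
    password: str
    internet_exposed: bool         # reachable from the public internet
    open_ports: set[int] = field(default_factory=set)
    mfa_enforced: bool = False     # MFA required on the access path to this device


def is_default_credential(username: str, password: str) -> bool:
    return (username, password) in DEFAULT_CREDENTIALS


def audit_device(dev: OTDevice) -> list[str]:
    """Return the list of control violations for one device, in a fixed order."""
    findings: list[str] = []
    if is_default_credential(dev.username, dev.password):
        findings.append("default-credentials")
    if len(dev.password) < MIN_PASSWORD_LENGTH:
        findings.append("weak-password")
    if dev.internet_exposed:
        # VNC on an internet-facing HMI is the exact pattern the advisory describes,
        # so it is reported separately from generic exposure.
        if dev.open_ports & VNC_PORTS:
            findings.append("internet-exposed-vnc")
        else:
            findings.append("internet-exposed")
    if not dev.mfa_enforced:
        findings.append("no-mfa")
    return findings


def audit_inventory(devices: list[OTDevice]) -> dict[str, list[str]]:
    """Map each device name to its findings (empty list means compliant)."""
    return {dev.name: audit_device(dev) for dev in devices}


def sample_inventory() -> list[OTDevice]:
    """Constructed sample data: one badly configured HMI, one compliant HMI, one exposed PLC."""
    return [
        OTDevice("hmi-pump-01", "HMI", "admin", "admin", True, {80, 5900}, False),
        OTDevice("hmi-chem-02", "HMI", "ops", "Tr3atment!Plant-2024", False, {5900}, True),
        OTDevice("plc-valve-07", "PLC", "operator", "L0ng-Enough-Secret", True, {502}, True),
    ]


if __name__ == "__main__":
    for name, findings in audit_inventory(sample_inventory()).items():
        status = "OK" if not findings else ", ".join(findings)
        print(f"{name}: {status}")
```

Run as a scheduled job against the real inventory, the non-empty entries are the devices to fix first; an HMI that reports both `default-credentials` and `internet-exposed-vnc` matches the compromise pattern the advisory warns about and should be taken off the internet before anything else.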

The report concludes that “by using secure by design tactics, software manufacturers can make their product lines secure ‘out of the box’ without requiring customers to spend additional resources making configuration changes, purchasing tiered security software and logs, monitoring, and making routine updates.”