FBI observes growing Russian hacker interest in US energy companies

Although the FBI warns that Russian hackers have shown growing interest in energy companies following Russia's war with Ukraine, it does not indicate that any specific cyberattack has been planned.

24 March 2022 Thursday 13:02

According to an FBI advisory, Russian hackers have scanned at most five energy companies for vulnerabilities. At least 18 other companies, in sectors such as financial services and the defense industrial base, are also being scanned. None of the companies are identified in the advisory.

Scanning a network for vulnerabilities and flaws is common and does not necessarily indicate that an attack is imminent. However, the activity may sometimes be a sign that one is coming. The FBI's Friday warning underscores the Biden administration's increased cybersecurity concerns as a result of Russia's war in Ukraine.

The White House stated Monday that there was "evolving intelligence" that Russia may be considering cyberattacks against U.S. critical infrastructure. Anne Neuberger, White House deputy national security advisor for cyber and emerging technology, expressed frustration at the White House press conference that certain critical infrastructure entities had failed to address known software flaws that could be exploited by Russian hackers.

The Cybersecurity and Infrastructure Security Agency held a conference call Tuesday with over 13,000 industry representatives to warn of future cyberattacks and reinforce the need for people to take immediate action to safeguard themselves.

The FBI advisory shared 140 internet protocol (IP) addresses that it claims have been linked to the scanning of U.S. critical infrastructure since March 2021. According to the alert, scanning has increased in recent months, which "leaves open the possibility for future intrusions."

In the advisory, the FBI acknowledges that scanning activity can be common, but says the IP addresses could be associated with hackers who have "conducted destructive cyber activities against foreign critical infrastructure."