Emergency Preparedness and Response

CISA, FBI Issue Cybersecurity Advisory Amid Russian Attack on Ukraine

While there are no specific or credible cyberthreats to the U.S. homeland as of press time, the Cybersecurity and Infrastructure Security Agency (CISA) has warned that Russia’s attack on Ukraine, which has involved cyberattacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and its allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity.

CISA and the Federal Bureau of Investigation (FBI) have issued a joint Cybersecurity Advisory providing an overview of destructive malware that has been used to target organizations in Ukraine, as well as guidance on how U.S. organizations can detect and protect their networks. The joint Advisory, “Destructive Malware Targeting Organizations in Ukraine,” provides information on WhisperGate and HermeticWiper malware, both used to target organizations in Ukraine.     

Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. While there is no specific, credible threat to the United States at this time, all organizations should assess and bolster their cybersecurity. Some immediate actions that can be taken to strengthen cyber posture include:     

  • Enable multifactor authentication;   
  • Set antivirus and antimalware programs to conduct regular scans;   
  • Enable strong spam filters to prevent phishing emails from reaching end users;   
  • Update software; and   
  • Filter network traffic.    

“In the wake of continued denial of service and destructive malware attacks affecting Ukraine and other countries in the region, CISA has been working hand-in-hand with our partners to identify and rapidly share information about malware that could threaten the operations of critical infrastructure here in the U.S.,” said CISA Director Jen Easterly. “Our public- and private-sector partners in the Joint Cyber Defense Collaborative (JCDC), international computer emergency readiness team (CERT) partners, and our long-time friends at the FBI are all working together to help organizations reduce their cyber risk.”     

“The FBI, alongside our federal partners, continues to see malicious cyber activity that is targeting our critical infrastructure sector,” said FBI Cyber Division Assistant Director Bryan Vorndran. “We are striving to disrupt and diminish these threats. … We ask that organizations continue to shore up their systems to prevent any increased impediment in the event of an incident.”   

Executives and leaders are encouraged to review the advisory, assess their environment for atypical channels for malware delivery and/or propagation through their systems, implement common strategies, and ensure appropriate contingency planning and preparation in the event of a cyberattack.     

CISA has updated its Shields Up webpage to include new services and resources, recommendations for U.S. corporate leaders and chief executive officers, and actions to protect critical assets. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.