Deputy national security adviser Anne Neuberger said during Monday’s White House briefing that Russia had been conducting “preparatory activity” for cyber attacks, which she said could include scanning websites and hunting for software vulnerabilities.”
The so-called “preparatory activity” that Neuberger mentioned Monday is likely “not about espionage, it’s probably very likely about disruptive or destructive [cyber] activity,” US Cybersecurity and Infrastructure Security Agency Director Jen Easterly said Tuesday on a phone briefing with industry executives and state and local government personnel, according to three sources on the call.
There are at least 18 US companies in other sectors, such as defense and financial services that were subjected to the scanning, the FBI said.
There are no confirmed breaches related to the scanning, but the FBI advisory is the latest in a chorus of warnings from US officials to critical infrastructure operators to be on alert for potential Russian hacking. “The magnitude of Russia’s cyber capacity is fairly consequential and it’s coming,” Biden told business executives on Monday.
The Russia-based Internet Protocol addresses, or data that identifies a computer, are “believed to be associated with cyber actors who previously conducted destructive cyber activity against foreign critical infrastructure,” the FBI said in its advisory.
“This scanning activity has increased since the start of the Russia/Ukraine conflict, leading to a greater possibility of future intrusions,” the FBI memo states.
For months, the US departments of Energy, Treasury and Homeland Security, among others, have briefed big electric utilities and banks on Russian hacking capabilities, and urged businesses to lower their thresholds for reporting suspicious activity.