Today we have released a joint advisory with the US and international partners on pro-Russia hacktivist groups that are conducting unsophisticated attacks against US and global critical infrastructure. This advisory includes an overview of how these hacktivist groups work and the tactics, techniques and procedures (TTPs) they use.
These attacks use minimally secured, internet-facing virtual network computing (VNC) connections to gain access to Operational Technology (OT) control devices within critical infrastructure systems across a range of sectors. These groups exhibit limited capabilities and sophistication, and frequently misunderstand the processes they aim to disrupt, leading to a greater risk of unintended outcomes, including physical and collateral damage.
We strongly recommend that OT owners and operators and other critical infrastructure entities implement the mitigations outlined in the advisory. Additionally, if organisations find exposed systems with weak or default passwords, they should assume the system is compromised and follow their incident response protocols.
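One practical first step toward the mitigations above is an inventory of which of your own internet-facing VNC services require no authentication at all, or only legacy VNC password authentication. The script below is an added example, not part of the advisory or this post: it performs the opening RFB (Remote Framebuffer) handshake that any VNC client performs, reads the list of security types the server offers, and reports whether "None" (no authentication) is among them. It never attempts a login and cannot detect weak or default passwords; that part of the advisory's guidance still requires checking credentials against your own asset records. The host list, port and timeout are assumptions for illustration.

```python
import socket
import struct

# RFB security-type identifiers from the RFB protocol specification (RFC 6143
# and the IANA registry). 1 means the server will accept a session with no
# authentication at all; 2 is the legacy DES challenge-response scheme, which
# truncates passwords to 8 characters and offers no transport encryption.
SECURITY_TYPES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2", 6: "RA2ne",
    16: "Tight", 18: "TLS", 19: "VeNCrypt", 20: "SASL", 21: "MD5 hash",
}


def parse_server_version(banner: bytes) -> tuple[int, int]:
    """Parse the 12-byte ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    if len(banner) != 12 or not banner.startswith(b"RFB ") or banner[-1:] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    major, minor = banner[4:11].split(b".")
    return int(major), int(minor)


def parse_security_types(version: tuple[int, int], data: bytes) -> list[int]:
    """Decode the server's security-type offer for the negotiated version.

    RFB 3.7+: one byte count followed by that many type bytes (count 0 = refusal).
    RFB 3.3:  a single big-endian 32-bit security type chosen by the server.
    """
    if version >= (3, 7):
        if not data:
            raise ValueError("empty security-type message")
        count = data[0]
        if count == 0:
            return []  # server refused the connection; a reason string follows
        types = list(data[1:1 + count])
        if len(types) != count:
            raise ValueError("truncated security-type list")
        return types
    (single,) = struct.unpack(">I", data[:4])
    return [single]


def assess(types: list[int]) -> dict:
    """Turn the offered types into findings a defender can act on."""
    return {
        "types": [SECURITY_TYPES.get(t, f"unknown({t})") for t in types],
        "no_authentication": 1 in types,
        "legacy_vnc_auth_only": bool(types) and all(t == 2 for t in types),
    }


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed during RFB handshake")
        buf += chunk
    return buf


def check_vnc_host(host: str, port: int = 5900, timeout: float = 3.0) -> dict:
    """Perform the RFB version exchange and read the security-type offer only."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        server_version = parse_server_version(_recv_exact(sock, 12))
        # Clients must not claim a version above what they implement; cap at 3.8.
        negotiated = min(server_version, (3, 8))
        sock.sendall(b"RFB %03d.%03d\n" % negotiated)
        if negotiated >= (3, 7):
            count = _recv_exact(sock, 1)
            data = count + (_recv_exact(sock, count[0]) if count[0] else b"")
        else:
            data = _recv_exact(sock, 4)
        return {"host": host, "port": port, **assess(parse_security_types(negotiated, data))}


if __name__ == "__main__":
    # Constructed placeholder targets; replace with your own asset inventory.
    for target in ["192.0.2.10", "192.0.2.11"]:
        try:
            print(check_vnc_host(target))
        except (OSError, ValueError) as exc:
            print({"host": target, "error": str(exc)})
```

Run it against your own asset inventory and treat any host reporting `no_authentication: True` as already compromised, in line with the advisory's guidance; hosts that offer only legacy VNC authentication should be moved behind a VPN or TLS-capable VNC variant and given strong, unique passwords.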