Joint Cyber Security Advisory: Russian GRU Targeting Western Logistics Entities and Technology Companies

A joint Cyber Security Advisory issued by 20 government agencies, including the NCSC, NSA and FBI, confirms that Russian GRU cyber actors are actively targeting Western logistics and technology companies. A member of the Data Connect SOC team has reviewed the advisory and shares their analysis below:

Target:

Specifically targeting Western logistics entities and technology companies, with more focus on those directly helping Ukraine, but not solely those.

Actions Needed:

Logistics entities and technology companies should recognise the elevated threat of being targeted.

  • They should increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and implement network defences with a presumption of targeting.
  • These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments.
  • These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and international organizations:
    • Defence Industry
    • Transportation and Transportation Hubs (ports, airports, etc.)
    • Maritime
    • Air Traffic Management
    • IT Services
    • Railway management

They are mainly exploiting known vulnerabilities and using common techniques in their attacks.

Recommendations

  • Employ appropriate network segmentation
  • Ensure that host and network firewalls are configured correctly to prevent lateral movement
  • Organizations should take measures to ensure strong access controls and mitigate against common credential theft techniques:
    • MFA
    • Limit the number of admin accounts
    • Separate privileged accounts
    • Reduce reliance on passwords
    • Use account throttling or account lockout
    • Change all default credentials
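
Account throttling and lockout is the item in this list that is easiest to get subtly wrong, so here is an added example, written for this post rather than taken from the advisory or from Data Connect, of a per-account policy in Python: each failure inside a sliding window adds a growing delay to the next attempt, and too many failures in the window lock the account for a fixed period. The thresholds, the in-memory credential store, the `FakeClock`, and the `LoginGuard` and `login` names are all assumptions made for the example.

```python
# Added example (not from the advisory or the Data Connect post): a minimal
# account-throttling and lockout policy of the kind the advisory recommends.
# Thresholds, the in-memory credential store and the fake clock are
# assumptions chosen so the example is deterministic and runs offline.
from collections import defaultdict, deque
import hashlib
import hmac
import os

MAX_FAILURES = 5          # failures inside WINDOW_SECONDS that trigger a lockout
WINDOW_SECONDS = 300      # sliding window in which failures are counted
LOCKOUT_SECONDS = 900     # how long a locked account stays locked
BASE_DELAY_SECONDS = 1.0  # throttle: delay grows as 2**n - 1 with n recent failures
PBKDF2_ROUNDS = 100_000


def make_record(password, salt=None):
    """Store only a salted PBKDF2 hash, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def verify(record, password):
    """Constant-time comparison so timing does not leak how close a guess was."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])


# Dummy record used for unknown accounts so the code path (and its timing)
# is the same whether or not the account exists.
DUMMY_RECORD = make_record("not-a-real-password")


class FakeClock:
    """Injectable clock so lockout expiry can be exercised without sleeping."""
    def __init__(self, start=0.0):
        self.t = start
    def now(self):
        return self.t
    def advance(self, seconds):
        self.t += seconds


class LoginGuard:
    """Per-account failure tracking: throttle after each failure, lock after too many."""
    def __init__(self, now):
        self._now = now
        self._failures = defaultdict(deque)  # account -> failure timestamps in window
        self._locked_until = {}              # account -> time the lockout ends

    def _prune(self, account, t):
        q = self._failures[account]
        while q and t - q[0] > WINDOW_SECONDS:
            q.popleft()

    def check(self, account):
        """Return (allowed, delay_seconds); delay > 0 means slow this attempt down."""
        t = self._now()
        until = self._locked_until.get(account)
        if until is not None and t < until:
            return False, until - t
        self._locked_until.pop(account, None)   # lockout has expired
        self._prune(account, t)
        n = len(self._failures[account])
        return True, BASE_DELAY_SECONDS * (2 ** n - 1)

    def record_failure(self, account):
        t = self._now()
        self._prune(account, t)
        self._failures[account].append(t)
        if len(self._failures[account]) >= MAX_FAILURES:
            self._locked_until[account] = t + LOCKOUT_SECONDS
            self._failures[account].clear()
            return "locked"
        return "failed"

    def record_success(self, account):
        self._failures[account].clear()
        self._locked_until.pop(account, None)


def login(guard, store, account, password, sleep=lambda s: None):
    """Apply the policy around a credential check. Returns 'ok', 'failed' or 'locked'."""
    allowed, delay = guard.check(account)
    if not allowed:
        return "locked"
    sleep(delay)  # a real deployment delays the response here; the demo passes a no-op
    record = store.get(account, DUMMY_RECORD)
    # verify() always runs, even for unknown accounts, so timing does not reveal
    # which usernames exist; the membership test decides the outcome afterwards.
    if verify(record, password) and account in store:
        guard.record_success(account)
        return "ok"
    return guard.record_failure(account)


if __name__ == "__main__":
    clock = FakeClock(1_000.0)
    guard = LoginGuard(clock.now)
    store = {"alice": make_record("correct horse battery staple")}
    for _ in range(MAX_FAILURES):
        print(login(guard, store, "alice", "wrong"))   # failed x4, then locked
    print(login(guard, store, "alice", "correct horse battery staple"))  # locked
    clock.advance(LOCKOUT_SECONDS + 1)
    print(login(guard, store, "alice", "correct horse battery staple"))  # ok
```

One caveat worth keeping in mind: an attacker who knows valid usernames can deliberately trip the lockout and lock legitimate users out, so lockout should sit alongside the MFA and per-source throttling items rather than carry the whole defence on its own.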

As you can see, all of these recommendations closely match the Cyber Essentials controls.

There is a specific concern around IP Cameras:

  • Ensure IP cameras are currently supported
  • Apply security patches and firmware updates
  • Disable remote access to the IP camera, if unnecessary
  • Turn off other ports/services not in use
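
For the last two points, a practical check is to compare what a device is actually listening on with what it needs to expose. The following is an added example, not code from the advisory or from Data Connect: it parses `ss -ltn` output from a Linux host (a constructed sample standing in for a camera-class device that offers a shell; where a camera offers no shell, the same comparison can be made against your own network scanner's export), ignores loopback-only listeners, and reports every network-reachable port that is not on an allowlist. The sample output, the `ALLOWED_PORTS` set and the function names are assumptions for the example.

```python
# Added example (not from the advisory or the Data Connect post): audit the
# listening services on a device against an allowlist, as a concrete check for
# "disable remote access if unnecessary" and "turn off ports/services not in use".
# The sample `ss -ltn` output and the allowlist are constructed for the example.

# Constructed sample: output of `ss -ltn` on a hypothetical camera-class Linux host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:554          0.0.0.0:*
LISTEN  0       128     0.0.0.0:443          0.0.0.0:*
LISTEN  0       128     0.0.0.0:23           0.0.0.0:*
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
LISTEN  0       5       127.0.0.1:8080       0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
"""

# Allowlist: the services this device is required to expose (an assumption;
# here RTSP video on 554 and the HTTPS management interface on 443).
ALLOWED_PORTS = {443, 554}

# Addresses that are only reachable from the device itself.
LOOPBACK_PREFIXES = ("127.", "::1", "[::1]")


def parse_listeners(ss_output):
    """Yield (local_address, port) for every LISTEN line of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        # Header and malformed lines are skipped; `ss -ltn` prints at least
        # State, Recv-Q, Send-Q, Local Address:Port and Peer Address:Port.
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        local = fields[3]
        addr, _, port = local.rpartition(":")   # rpartition handles "[::]:22"
        yield addr, int(port)


def audit(ss_output, allowed_ports):
    """Return (address, port) pairs reachable from the network and not on the allowlist."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if addr.startswith(LOOPBACK_PREFIXES):
            continue  # bound to loopback only, so not remotely reachable
        if port not in allowed_ports:
            findings.append((addr, port))
    return findings


if __name__ == "__main__":
    for addr, port in audit(SAMPLE_SS_OUTPUT, ALLOWED_PORTS):
        print(f"not on allowlist: {addr}:{port} -> disable the service or restrict access")
```

Run against the constructed sample, the audit flags the telnet (23), plain HTTP (80) and SSH (22) listeners; whether each is a finding in practice depends on the allowlist you set per device, which is the point of writing it down.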

Living Off the Land (LOTL) attacks are becoming a lot more prevalent

If you don’t need a tool or service, remove it. Because these attacks abuse legitimate tools that are already present on the system, they are much more difficult to spot.

You can read the full 33-page report here.

If you are looking for EPP, EDR, MDR, XDR, SIEM and SOAR all rolled into one comprehensive service, vSOC Alert is right for you.

If you have any questions, please arrange a call with one of our security experts.