CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy, Environmental Protection Agency, the Department of Defense Cyber Crime Center, and other international partners published a joint cybersecurity advisory, Pro-Russia Hacktivists Create Opportunistic Attacks Against US and Global Critical Infrastructure.
This advisory, published as an addition to the joint fact sheet on Primary Mitigations to Reduce Cyber Threats to Operational Technology (OT) released in May 2025, details that pro-Russia hacktivist groups are conducting less sophisticated, lower-impact attacks against critical infrastructure entities, compared to advanced persistent threat groups. These attacks use minimally secured, internet-facing virtual network computing (VNC) connections to infiltrate or gain access to OT control devices within critical infrastructure systems.
The groups involved, including Cyber Army of Russia Reborn, Z-Pentest, NoName057(16), and Sector16, are taking advantage of the widespread prevalence of accessible VNC devices to execute attacks, resulting in varying degrees of impact, including physical damage.
These groups often seek notoriety by making false or exaggerated claims about their attacks. Their methods are opportunistic, leveraging superficial criteria such as victim availability and existing vulnerabilities. They attack a wide range of targets, from water treatment facilities to oil well systems, using similar tactics, techniques, and procedures.
Top Recommended Actions:
OT owners and operators and critical infrastructure entities should take the following steps to reduce the risk of attacks through VNC connections:
For more information on Russian state-sponsored threat actor activity, visit CISA’s Russia Cyber Threat Overview and Advisories page.
Systems Affected Systems running Microsoft Office XP and Outlook 2002 Overview There…
Systems Affected Applications and systems that use the OpenSSL SSL/TLS library Overview …
Systems Affected Continuing Threats to Home Users View Previous Alerts Alert (SA04-079A) Continuing Threats…
Systems Affected Microsoft Windows systems Overview A cross-domain vulnerability in the Outlook…
Systems Affected Systems running Microsoft Windows Overview There are multiple vulnerabilities in…
Systems Affected Microsoft Windows Operating Systems Microsoft Windows Remote Procedure Call (RPC) and Distributed…
This website uses cookies.