CISA, in partnership with the Federal Bureau of Investigation, the National Security Agency, the Department of Energy, the Environmental Protection Agency, the Department of Defense Cyber Crime Center, and other international partners, published a joint cybersecurity advisory, Pro-Russia Hacktivists Create Opportunistic Attacks Against US and Global Critical Infrastructure.
This advisory, published as an addition to the joint fact sheet on Primary Mitigations to Reduce Cyber Threats to Operational Technology (OT) released in May 2025, details that pro-Russia hacktivist groups are conducting attacks against critical infrastructure entities that are less sophisticated and lower-impact than those of advanced persistent threat groups. These attacks use minimally secured, internet-facing virtual network computing (VNC) connections to infiltrate or gain access to OT control devices within critical infrastructure systems.
The groups involved, including Cyber Army of Russia Reborn, Z-Pentest, NoName057(16), and Sector16, are taking advantage of the widespread prevalence of accessible VNC devices to execute attacks, resulting in varying degrees of impact, including physical damage.
These groups often seek notoriety by making false or exaggerated claims about their attacks. Their methods are opportunistic, leveraging superficial criteria such as victim availability and existing vulnerabilities. They attack a wide range of targets, from water treatment facilities to oil well systems, using similar tactics, techniques, and procedures.
Top Recommended Actions:
OT owners and operators and critical infrastructure entities should take the following steps to reduce the risk of attacks through VNC connections:
For more information on Russian state-sponsored threat actor activity, visit CISA’s Russia Cyber Threat Overview and Advisories page.