US government agencies publish an alert describing the signatures of Russian cyber attacks and how to defend against them
The United States Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) jointly investigated cyber activities by Russia and, on March 15, 2018, released an alert that includes a detailed description of the methods used.
Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors | US-CERT
According to the alert page, since March 2016 the Russian government has been targeting US government agencies and critical infrastructure such as energy, nuclear power, commercial facilities, water supply, aviation, and critical manufacturing. It also says that peripheral organizations with weaker network security were compromised as well, to serve as footholds for attacking the original targets.
The methods cited include "spear phishing" and "watering hole attacks", among others. The attacks are analyzed with the Cyber Kill Chain model, and the alert lays out the attack according to the model's seven stages: "reconnaissance", "weaponization", "delivery", "exploit", "invasion", "latent activity", and "execution of purpose". The end of the alert page also has a section on countermeasures. It describes concretely how security staff can detect and defend against the attacks, for example by comparing the IP addresses in the IOC package, which lists information on the various malware, against a PC's communication logs.
Also, the US Treasury Department's Office of Foreign Assets Control (OFAC) announced on March 15, 2018 that, in connection with the above cyber attacks, it is imposing sanctions on five organizations, including Russian government agencies, and 19 individuals. Because the US also conducts cyber espionage of its own, it is historically rare for the US government to denounce cyber attack activity in this way, and the event underscores the conflict between the United States and Russia.
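The log comparison described above, as an added example (not code from the alert or from this article): it matches constructed IP indicators, including CIDR ranges and IPv6, against a constructed connection log and summarises hits per host. The log format, host names and addresses are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed indicators (RFC 5737 / RFC 3849 documentation ranges), standing in
# for the IP addresses an IOC package would supply. Single IPs and CIDR blocks.
IOC_INDICATORS = ["203.0.113.45", "198.51.100.0/28", "2001:db8:bad::/48"]

# Constructed connection log in an assumed format:
# <UTC timestamp> <internal host> -> <remote ip>:<port> <action>
SAMPLE_LOG = """\
2018-03-16T08:01:12Z ws-014 -> 192.0.2.10:443 allow
2018-03-16T08:03:40Z ws-014 -> 203.0.113.45:445 allow
2018-03-16T08:04:02Z ws-022 -> 198.51.100.7:80 allow
2018-03-16T08:09:55Z ws-022 -> 198.51.100.17:80 allow
2018-03-16T09:15:31Z ws-014 -> [2001:db8:bad::5]:443 deny
2018-03-16T09:20:00Z ws-031 -> not-an-ip:443 allow
2018-03-16T10:42:07Z ws-014 -> 203.0.113.45:445 allow
"""

def parse_line(line):
    """Return (timestamp, host, remote_ip, action), or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    ts, host, _, remote, action = parts
    # IPv6 destinations are bracketed: [addr]:port. IPv4 is addr:port.
    addr = remote[1:].split("]")[0] if remote.startswith("[") else remote.rpartition(":")[0]
    try:
        return ts, host, ipaddress.ip_address(addr), action
    except ValueError:
        return None

def find_ioc_hits(log_text, indicators=IOC_INDICATORS):
    """Summarise connections to indicator addresses per (host, remote IP)."""
    nets = [ipaddress.ip_network(i, strict=False) for i in indicators]
    hits = defaultdict(lambda: {"count": 0, "allowed": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line or non-IP destination
        ts, host, ip, action = rec
        if not any(ip.version == n.version and ip in n for n in nets):
            continue
        h = hits[(host, str(ip))]
        h["count"] += 1
        h["allowed"] += action == "allow"
        # ISO 8601 UTC timestamps of equal precision sort lexicographically.
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    return dict(hits)
```

Hosts with allowed connections to an indicator address are the ones to triage first; a denied-only hit still shows that something on the host attempted the connection.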
in Security, Posted by log1d_ts