Russian hackers have recently scanned the networks of at least five U.S. energy companies and 18 other U.S. defense, financial services and IT firms in a possible prelude to destructive intrusions, the FBI warned industry partners in a recent alert.
While “scanning activity is common on a network,” the Russian IP addresses responsible for this scanning activity “are believed to be associated with cyber actors who previously conducted destructive cyber activity against foreign critical infrastructure,” the bureau said in the March 18 alert obtained by POLITICO.
The FBI urged U.S. energy companies to “examine current network traffic for these IP addresses and conduct follow-on investigations if observed.”
Potent timing: News of the private industry notification, first reported by CBS News, comes one day after President Joe Biden and one of his top cyber officials said Russia seemed to be preparing for cyberattacks on U.S. critical infrastructure. The administration privately briefed companies that appeared to be in Russia’s crosshairs but did not declassify the intelligence underpinning its conclusion.
Strange pings: The FBI said it had identified 140 Russian IP addresses that had engaged in “abnormal scanning activity” against the infrastructure of at least 23 U.S. companies.
“While other U.S. critical infrastructure sectors have noticed abnormal scanning, the focus appears to be on entities within the energy sector,” the bureau said.
The 140 IP addresses listed in the alert have been observed scanning infrastructure operators’ networks since March 2021, but this activity “has increased since the start of the Russia/Ukraine conflict, leading to a greater possibility of future intrusions,” according to the alert.