Joint cyber security advisory on pro-Russia hacktivists conducting opportunistic attacks on global critical infrastructure – Canadian Centre for Cyber Security
Summary
The Canadian Centre for Cyber Security, together with the FBI and international partners, has issued a joint advisory warning about pro-Russia hacktivist groups conducting opportunistic, unsophisticated attacks against global critical infrastructure (CI).
Attackers are primarily exploiting minimally secured, internet-facing Virtual Network Computing (VNC) connections to gain access to operational technology (OT) control devices within CI systems. The advisory emphasises practical mitigations and updates CISA’s guidance on primary OT mitigations.
Key Points
- Pro-Russia hacktivists are using simple, opportunistic tactics, techniques and procedures (TTPs) rather than highly sophisticated tradecraft.
- Primary attack vector: poorly secured, internet-facing VNC connections that provide a path into OT control devices.
- Targets are critical infrastructure systems worldwide — disruptions could have severe safety, economic and public-confidence consequences.
- Recommended mitigations include reducing OT exposure to the public internet and implementing strong network segmentation between IT and OT networks.
- Adopt mature asset management: map data flows and access points to understand and reduce attack surface.
- Ensure OT assets use robust authentication and enable control-system security features to separate and audit view vs control functions.
- Collect and monitor OT asset and network device traffic, and set alerts for deviations in setpoint ranges or tag values.
- Implement, test and maintain business recovery and disaster recovery plans to minimise operational impact from incidents.
- The advisory updates CISA’s joint fact sheet on primary mitigations to reduce cyber threats to operational technology.
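The monitoring points above (auditing view vs control functions and alerting on deviations in setpoint ranges or tag values) can be sketched as a small check over a tag-write log. This is an added example, not code from the advisory; the tag names, limits, station addresses, log format and the `max_step` threshold are all constructed assumptions.

```python
# Constructed setpoint limits per tag (assumed names and ranges, not from the advisory).
SETPOINT_LIMITS = {"PUMP1.SPEED_SP": (20.0, 80.0), "TANK2.LEVEL_SP": (1.0, 4.5)}
# Constructed list of stations allowed to issue control (write) operations.
CONTROL_STATIONS = {"10.10.5.20"}

# Constructed historian export: timestamp,source,operation,tag,value
SAMPLE_LOG = """\
2025-01-01T10:00:00,10.10.5.20,write,PUMP1.SPEED_SP,50.0
2025-01-01T10:01:00,10.10.5.31,read,PUMP1.SPEED_SP,50.0
2025-01-01T10:02:00,10.10.5.20,write,PUMP1.SPEED_SP,55.0
2025-01-01T10:03:00,10.10.5.31,write,PUMP1.SPEED_SP,95.0
2025-01-01T10:04:00,10.10.5.20,write,TANK2.LEVEL_SP,3.0
2025-01-01T10:05:00,10.10.5.20,write,VALVE7.POS_SP,100.0
"""

def check_events(lines, max_step=0.25):
    """Return (timestamp, tag, reason) alerts for control writes in the log."""
    alerts, last = [], {}
    for line in lines:
        ts, source, op, tag, raw = line.strip().split(",")
        if op != "write":          # view-only reads are not control actions
            continue
        value = float(raw)
        if source not in CONTROL_STATIONS:
            alerts.append((ts, tag, "write from non-control station"))
        limits = SETPOINT_LIMITS.get(tag)
        if limits is None:
            alerts.append((ts, tag, "write to tag with no defined range"))
        else:
            lo, hi = limits
            if not lo <= value <= hi:
                alerts.append((ts, tag, "setpoint out of range"))
            prev = last.get(tag)
            # Flag jumps larger than max_step of the allowed span, even when in range.
            if prev is not None and abs(value - prev) > max_step * (hi - lo):
                alerts.append((ts, tag, "abrupt setpoint change"))
        last[tag] = value
    return alerts

def run_sample():
    return check_events(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the constructed log, the single write from the view-only station raises three alerts (unauthorised source, out-of-range value, abrupt change), and the write to a tag with no defined range raises a fourth.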
Why should I read this?
Short version: if you run or secure any OT or critical-infrastructure system, this is worth five minutes of your time. The attackers aren’t exotic — they pick easy targets (like open VNC) and can still cause big harm. Read the mitigations, check your VNC exposure and segmentation, and stop being an easy win.
Author style
Punchy: this advisory is practical and actionable. It’s not alarmist — it’s a clear heads-up with concrete steps you can take now to reduce risk. If you skip it, you’re choosing convenience over basic security.