OT/ICS Threat Awareness – (TLP:GREEN) Pro-Russian Hacktivists Continue to Target OT Networks

The FBI Los Angeles Field Intelligence Group, the California Cybersecurity Integration Center, and the Joint Regional Intelligence Center have released a TLP:GREEN Joint Cyber Spotlight titled “Pro-Russian Hacktivist Group Compromises JRIC AOR Entity,” which indicates that a pro-Russian hacktivist group has claimed to have compromised multiple critical infrastructure entities in California. The document contains valuable tactics, techniques, and procedures (TTPs) used by these hacktivists and are mapped to the MITRE attack framework.

The product notes that improperly secured OT systems of American organizations continue to remain attractive targets for unsophisticated Russia-aligned hacktivists due to the outsized attention such attacks receive. Pro-Russian hacktivists, such as the Cyber Army of Russia Reborn, have previously claimed responsibility for attacking water and wastewater facilities. On November 1, 2024, the same Russian group also “gained control of a pump at a California-based oil production platform, increased the pump rate, and disrupted oil production systems,” creating another attention-grabbing attack with minimal investment.

Members are encouraged to review the report to better understand the tactics that such groups use and how they map to the MITRE ATT&CK framework. Access the report below.