Russia Cyber Threat Overview and Advisories

This page provides an overview of the Cybersecurity and Infrastructure Security Agency’s (CISA's) assessment of the Russian government’s malicious cyber activities. The overview leverages publicly available, open-source intelligence and information regarding this threat. This page also includes a complete list of related CISA publications, many of which are jointly authored with other U.S. government agencies (Note: unless specifically stated, neither CISA nor the U.S. Government attributed specific activity described in the referenced sources to Russian government actors). Additionally, this page provides instructions on how to report related threat activity.

The Russian government engages in malicious cyber activities to enable broad-scope cyber espionage, to suppress certain social and political activity, to steal intellectual property, and to harm regional and international adversaries.[1] Recent Advisories published by CISA and other unclassified sources reveal that Russian state-sponsored threat actors are targeting the following industries and organizations in the United States and other Western nations: COVID-19 research, governments, election organizations, healthcare and pharmaceutical, defense, energy, video gaming, nuclear, commercial facilities, water, aviation, and critical manufacturing. The same reporting associated Russian actors with a range of high-profile malicious cyber activity, including the 2020 compromise of the SolarWinds software supply chain, the 2020 targeting of U.S. companies developing COVID-19 vaccines, the 2018 targeting of U.S industrial control system infrastructure, the 2017 NotPetya ransomware attack on organizations worldwide, and the 2016 leaks of documents stolen from the U.S. Democratic National Committee.

According to the U.S. Office of the Director of National Intelligence 2021 Annual Threat Assessment, "Russia continues to target critical infrastructure, including underwater cables and industrial control systems, in the United States and in allied and partner countries, as compromising such infrastructure improves—and in some cases can demonstrate—its ability to damage infrastructure during a crisis." The Assessment states that "Russia almost certainly considers cyber attacks an acceptable option to deter adversaries, control escalation, and prosecute conflicts."[2]

Latest U.S. Government Report on Russian Malicious Cyber Activity

On May 09, 2023, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and defend against this threat.

CISA urges organizations to review the advisory for more information and apply the recommended mitigations and detection guidance. For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure.

The Russian Malicious Cyber Activity section below lists all CISA Advisories, Alerts, and Malware Analysis Reports (MARs) on Russian malicious cyber activities. 

Russian Malicious Cyber Activity