In a move demonstrative of international cooperation and partnership, the Five Eyes (United States, Australia, Canada, New Zealand, and United Kingdom) issued an alert giving a “comprehensive overview of Russian state-sponsored and cybercriminal threats to critical infrastructure.” The alert also includes remediation guidance, which CISOs will find of particular import.

Alert AA22-110A – Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure, provides details on the cyber operations attributable to Russian state actors, including the Russian Federal Security Service (FSB), Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), and Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM). It also identifies cybercriminal organizations, including some which have expressed fealty to the Russian Federation, that have pledged to conduct cyber operations against entities that are providing support to Ukraine. Thus, your company’s position on Russia’s invasion of Ukraine very well may place your company in the target sights of Russian state actors or their cybercriminal cronies.

Need to invest in cybersecurity

It cannot be overstated that investment in cybersecurity is a must. “Threats to critical infrastructure remain very real,” said Rob Joyce, NSA Cybersecurity Director.
“The Russia situation means you must invest and take action.”

The four areas of immediate concern that infosec teams should be addressing will not be alien to any entity with a modicum of cybersecurity acumen:

- Prioritize patching of known exploited vulnerabilities
- Enforce multi-factor authentication
- Monitor remote desktop protocol (RDP)
- Provide end-user awareness and training

The fact that the alert leads with these four items, which many would consider “Cybersecurity 101,” suggests that many entities are devoid of such acumen.

CISOs will benefit from the depth of this brief, which clearly embraces the axiom, “knowledge is power,” as the multinational comments and attribution statements provide additional clarity to a number of historical cybersecurity incidents.

Russia’s cyber threat actors

The alert goes into great detail on the various threat actors; a brief synopsis of these follows:

FSB: The U.S. and UK have attributed Berserk Bear to be associated with FSB’s Center 16 or GRU Unit 71330, and that the targets are “critical IT systems and infrastructure in Europe, the Americas and Asia.”

SVR: The U.S., Canada and the UK have attributed the SolarWinds Orion compromise to have been conducted by the SVR. An advanced persistent threat (APT) group from within the SVR has been targeting critical infrastructure since at least 2008.

GRU: Multiple units within the GRU have been previously identified as potential cyber threat actors.
This alert highlights two of those units, Unit 26165 and Unit 74455.

Unit 26165 is an APT group whose targets are primarily “government organizations, travel, and hospitality entities, research institutions, and non-governmental organizations, in addition to other critical infrastructure organizations.” Furthermore, the Drovorub malware used in the conduct of cyberespionage activities is attributed to have its origin within the GRU.

Unit 74455 is also an APT group, primarily associated with cyber espionage activities, with a particular focus on critical infrastructure within the energy, transportation, and financial services sectors. Unit 74455’s notoriety comes from its effective destructive cyber actions: DDoS and wiper malware attacks. Multiple governments have attributed this APT group to have been instrumental in the 2016 Ukrainian power grid attack and the 2019 attack against Georgian entities.

TsNIIKhM: This entity is a part of the R&D arm of the Russian Ministry of Defense. They are adept at creating destructive ICS malware. The attacks against U.S. energy entities in 2021 resulted in this entity being sanctioned and an employee indicted by the Department of Energy.

Primitive Bear and Venomous Bear: These have been identified as two state-sponsored APT groups by industry. The alert highlights that the Five Eyes have not, as yet, attributed these two entities as being associated with the Russian government. Nonetheless, the groups are targeting western government entities including Ukrainian government entities, governments aligned with NATO, defense contractors and others deemed of intelligence value.

Additionally, Russian cybercriminal groups have been highlighted and their efforts cataloged within the alert.
These include The CoomingProject, Killnet, Mummy Spider, Salty Spider, Scully Spider, Smokey Spider, Wizard Spider, and The Xaknet Team.

Report incidents and unusual cyber activity

The alert asks organizations to report incidents and unusual cyber activity to their respective government cybersecurity authorities and provides contact information for CISA.

CISA Director Jen Easterly emphasized, “We know that malicious cyber activity is part of the Russian playbook. We also know that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure. Today’s cybersecurity advisory released jointly by CISA and our interagency and international partners reinforces the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercriminal groups to our homeland.”

Easterly urged all organizations to review the guidance in the advisory and on CISA’s Shields Up website, which is updated regularly.