A joint cybersecurity advisory issued by the Five Eyes intelligence alliance warns of increased threats to critical infrastructure originating from Russia.
The Five Eyes alliance comprises the United States, the United Kingdom, Australia, Canada, and New Zealand, collaborating closely on signals intelligence and shared security concerns.
Some historians trace the alliance’s roots to post-World War II cooperation. Canadian academic Srdjan Vucetic notes that Winston Churchill’s 1946 Iron Curtain speech argued for greater coordination among democracies in the face of Soviet expansion—an idea that evolved into modern intelligence partnerships.
Russia’s recent invasion of a sovereign European nation, accompanied by alarming rhetoric and nuclear threats, has revived Cold War–era tensions and underscored the continued relevance of alliances such as the Five Eyes and NATO.
Modern conflict increasingly includes cyber operations, and the alliance has repeatedly cautioned that Russia’s cyber capabilities pose a serious, potentially devastating risk to public and private sector infrastructure.
“Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks,” the Five Eyes advisory states.
The advisory details that recent Russian state-linked operations have included distributed denial-of-service (DDoS) attacks and, historically, destructive malware deployed against Ukrainian government and critical infrastructure organizations.
Many cyberattacks have been attributed to groups with suspected ties to the Russian state, such as Fancy Bear. In addition, an increasing number of independent cybercrime groups have declared support for Russia, complicating attribution and making it harder to determine when an attack is directly state-sponsored.
Known groups that have aligned themselves with or expressed support for Russia include:
- The CoomingProject
- Killnet
- MUMMY SPIDER
- SALTY SPIDER
- SCULLY SPIDER
- SMOKEY SPIDER
- WIZARD SPIDER
- The Xaknet Team
These Russian-aligned cybercrime groups have publicly threatened cyber operations in retaliation for perceived attacks on Russia or its people. Some have also targeted nations and organizations providing material support to Ukraine.
The Five Eyes partners caution organizations that they may become targets in response to their support for Ukraine, the economic sanctions imposed on Russia, and increasing documentation of wartime abuses.
According to the advisory, Russia’s state-sponsored cyber actors have shown they can compromise IT networks, establish long-term persistent access, exfiltrate sensitive data from both IT and operational technology (OT) systems, and disrupt industrial control systems (ICS) and OT functions using destructive malware. Historically cited examples include BlackEnergy and NotPetya, which caused widespread disruption.
Earlier advisories from U.S. government agencies have similarly warned that nation-state actors are deploying specialized malware to maintain access to ICS and SCADA (supervisory control and data acquisition) devices—targets that directly affect critical infrastructure.
The FBI has also warned that ransomware attacks against the food and agriculture sectors are especially likely during planting and harvest seasons, when disruption can cause cascading effects across supply chains and exacerbate shortages and economic strain.
As the conflict continues with no clear end in sight, the joint warnings from Five Eyes and other global security agencies highlight the urgent need for organizations to strengthen cybersecurity defenses, monitor networks for suspicious activity, and adopt best practices to protect both IT and OT environments.