Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

Aston Villa Football Club →

EVENT CALENDAR

May

May TRU Intelligence Briefing

May

Elevate IT Technology Summit Kansas City

May

Cybersecurity Summit Toronto

May

Cybersec Brussels

May

Cybersecurity Summit Austin

View Calendar →

LATEST PRESS RELEASE

Mar 06, 2025

eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale

View Newsroom →

OUR PARTNERSHIPS

Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More

Speak With A Security Expert Now

TALK TO AN EXPERT

The Threat

On March 21st, 2022, U.S. President Joe Biden publicly stated that there is an increased risk of Russian Advanced Persistent Threat (APT) groups targeting critical infrastructure in the United States. These statements were made as a result of continued cyber-attacks being launched at organizations in Ukraine by Russian affiliated threat actors. Notable recent incidents include four wiper malware campaigns and ads, appearing on a known Russian hacker forum, where threat actors were looking to buy access to major oil and gas companies.

Organizations are recommended to review their current defenses and operate under a heightened awareness for threats. Recommendations for defending against Russian APT groups are available below and in the CISA SHIELDS UP report.

This Security Advisory serves as a follow up and a deeper dive to this morning's Threat Update, Heightened Threat Scenario: Russian Cyberattacks.

What we’re doing about it

Threat hunts have been, and continue to be performed for indicators associated with Russian cyber criminal and Russian State-sponsored threat actor groups
Asset Data for clients with eSentire’s Managed Vulnerability Service (MVS) has been leveraged to determine if clients were vulnerable to known targeted vulnerabilities by Russian APT groups
- Impacted clients have been notified directly through the SOC
Detections to identify known Russian APT tools and techniques are in place across both eSentire MDR for Endpoint and Network products
eSentire continues to develop new detections across the eSentire product suite in response to Russian APT activity
Known malicious IP addresses associated with Russian and other threat actor groups are blocked via eSentire’s Global Deny List
The eSentire Threat Intelligence team is actively tracking this topic for additional details and detection opportunities

What you should do about it

Organizations without eSentire’s Managed Vulnerability Service (MVS) are recommended to review their environment for critical vulnerabilities and vulnerabilities known to be targeted by Russian APT groups
Ensure that an email security product is in place to identify and prevent potential phishing and malspam attacks
- User training and a reporting process should be in place to ensure end-users can identify and report potentially malicious content that bypasses current security tools
Enforce the use of Multi-Factor Authentication (MFA) for all externally facing services
- Review configuration policies to protect against “fail open” and “re-enrollment” MFA bypass scenarios
Ensure that all non-active accounts are fully disabled across the network including Active Directory and MFA systems
Require the use of long, unique passwords to minimize the likelihood of successful bruteforce attacks
Be prepared to isolate critical infrastructure from the internet
Create and test a Disaster Recovery Plan (DRP) for scenarios including information theft, website defacements, and the deployment of ransomware or wiper malware
Review and apply the recommendations provided by CISA in the SHIELDS UP report

Additional information

The Whitehouse statement on potential cyberattacks from Russian APT groups does not provide technical details or additional context for future attacks. Based on recent cyberattacks in Ukraine by Russian affiliated threat actors, attacks may include the deployment of wiper malware, ransomware, or information stealing malware. Critical infrastructure covers a range of industries; attacks may target energy, finance, defense, manufacturing, government, and other major industries.

eSentire has provided additional resources with information related to recent Russian APT activity:

January 2022 Threat Intelligence Observations webinar
March 2022 Threat Intelligence Observations webinar
Threat Briefing: Potential Cyber Threats Stemming from Russia's Invasion of Ukraine
Threat Advisory: Cyber Threats due to Russian and Ukrainian Tensions
Threat Advisory: Cyclops Blink Malware
Threat Advisory: Russian APT Exploits Known Vulnerability

References:
[1] https://www.cisa.gov/shields-up
[2] https://www.cisa.gov/uscert/ncas/alerts/aa22-011a
[3] https://www.esentire.com/resources/library/january-2022-threat-intelligence-observations
[4] https://www.esentire.com/resources/library/march-2022-threat-intelligence-observations-on-demand
[5] https://www.esentire.com/resources/library/threat-briefing-potential-cyber-threats-stemming-from-russias-invasion-of-ukraine
[6] https://www.esentire.com/security-advisories/cyber-threats-due-to-russian-and-ukrainian-tensions
[7] https://www.esentire.com/security-advisories/esentire-threat-intelligence-advisory-cyclops-blink-malware
[8] https://www.esentire.com/security-advisories/russian-apt-exploits-known-vulnerability

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Continuous Threat Exposure Management (CTEM)

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

MDR Packages and 24/7 Protection

MDR Pricing and Packages

Atlas Essentials

Atlas Advanced

Atlas Complete

24/7 Coverage

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

From The Blog

Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One

MDR Vendors: Complete Guide to Understanding Managed Detection & Response…

Identity is the New Attack Surface: Why Threat Detection Alone Isn't…

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

Maximum Severity SAP Vulnerability Exploited

CrushFTP Authentication Bypass