ZCyberNews

Pro-Russia Hacktivists Target US Critical Infrastructure

CISA warns pro-Russia hacktivists are conducting opportunistic attacks against US and global critical infrastructure, targeting OT and IT systems with known exploits.

Executive Summary

Pro-Russia hacktivist groups are conducting opportunistic attacks against US and global critical infrastructure, targeting operational technology (OT) and information technology (IT) systems, according to a joint cybersecurity advisory released by CISA, the FBI, the Department of Energy (DOE), and the European Cybercrime Centre (EC3). The advisory, published on April 28, 2026, warns that these groups are exploiting known vulnerabilities rather than developing zero-days, making patching and basic hygiene critical defenses.

Technical Analysis

The advisory, designated AA25-343A, builds on a May 2025 joint fact sheet on reducing cyber threats to OT and on EC3's Operation Eastwood. The attackers employ a range of techniques, including scanning for unpatched systems, using default credentials, and leveraging publicly available exploit code. CISA notes that the activity is opportunistic and not highly sophisticated, but the targeting of critical infrastructure — particularly energy and government sectors — elevates the risk. The advisory does not attribute attacks to a specific named group but broadly characterizes the threat as originating from pro-Russia hacktivist elements. No specific CVEs are cited, as the attacks rely on a broad set of known exploits rather than a single vulnerability.

Mitigations & Recommendations

Defenders should prioritize patching known vulnerabilities in OT and IT systems, enforce multi-factor authentication, and segment networks to limit lateral movement. CISA recommends implementing the mitigations outlined in the May 2025 joint fact sheet, including conducting regular vulnerability scans and applying the principle of least privilege. Organizations should also monitor for unauthorized access attempts and review logs for signs of reconnaissance activity.
