HHS cybersecurity center issues threat brief.
Cyber organizations within Russian intelligence services remain a threat to the health care, medical and scientific sectors in the United States.
The U.S. Department of Health and Human Services’ (HHS) Office of Information Security and the Health Sector Cybersecurity Coordination Center (HC3) published “Major Cyber Organizations of Russian Intelligence Services,” a threat brief summarizing the assessed structure and potential threats of that nation’s cyber programs.
“As one of the five global superpowers, it comes as no surprise that Russia possesses one of the most skilled and dangerous cyber attack capabilities in the world,” HC3 analyst Ellie Wyatt said in a conference call. “While there are a number of associated organizations and threat actors, as you can see, all of them are ultimately controlled by Russia’s President Vladimir Putin.”
The brief did not issue a warning of a health care cyberattack happening now or in the near future. It did outline what is known about hackers working within at least three major organizations that report to Russia’s Security Council.
HC3 recommends steps for mitigating risks:
A U.S. hospital was among about 18,00 SolarWinds customers who became victims in that attack, Wyatt said. APT29 also is known as Cozy Bear and other names.
GRU is associated with APT28, also known as Fancy Bear, the hacking group that attacked the World Anti-Doping Agency and the U.S. Democratic National Committee and Hillary Clinton’s presidential campaign, both in 2016, among others.
APT28 tends to leak stolen data for Russia’ political interests, Wyatt said.
GRU also is associated with threat actor Sandworm, also known as Voodoo Bear, which launched the NotPetya cyber attacks of 2017. The attack corresponded to Russian military action against Ukraine, but the malware spread, shutting down a U.S. pharmaceutical manufacturer and affecting medical records of dozens of U.S. hospitals.