CISA Official Reveals Close Call with Russian Threat Actors Before Ukraine Invasion

In a chilling revelation, a top official from the Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that Russian state threat actors were on the brink of breaching critical infrastructure entities in the United States just days before the February 2022 invasion of Ukraine.

Mark Singer, the Threat Branch Chief at CISA, shared details of a breach involving a managed service provider (MSP) that catered to crucial infrastructure entities in the U.S. The breach, which occurred between late 2021 and early 2022, raised serious concerns as the threat actors had access to sensitive communications and operational technology data.

CISA’s involvement in the MSP case began in January 2022, a month before the Russian invasion, after it was discovered that the threat actors had breached the MSP’s network in August 2021. An “aggressive containment response” successfully expelled the threat actors, but the extent of the access they had gained remained unclear.

Singer commended Ukraine’s national Computer Emergency Response Team (CERT-UA) for their assistance during the incident and emphasized the growing threat posed by China, particularly in light of their ambitions to invade Taiwan by 2027.

The revelation underscores the ever-present danger posed by state-sponsored threat actors to critical infrastructure and the need for constant vigilance and collaboration among cybersecurity professionals. Singer’s warning serves as a stark reminder of the potential consequences of cyber intrusions on national security and the importance of proactive defense measures.