CISA warns of hybrid operations threat to US critical infrastructure

CISA urged leaders of U.S. critical infrastructure organizations on Friday to increase their orgs' resilience against a growing risk of being targeted by foreign influence operations using misinformation, disinformation, and malformation (MDM) tactics.

Multiple influence operations coordinated by foreign actors had an impact on US critical services and functions across critical sectors," according to the cybersecurity agency.

"Current social factors—including heightened polarization and the ongoing global pandemic—increase the risk and potency of influence operations to U.S. critical infrastructure," CISA warned.

Risks increased by Ukraine-Russia tensions

These MDM campaigns can also be paired with cyberattacks as part of hybrid operations to "derive content, create confusion, heighten anxieties, and distract from other events."

Malicious actors can also use such tactics to shape the public's opinion, undermine trust in the state's capabilities, and amplify division.

The federal agency cautioned that the current tensions between Russia and Ukraine are behind an increased risk of influence operations that could directly impact National Critical Functions (NCFs) and critical infrastructure orgs.

"In light of developing Russia-Ukraine geopolitical tensions, the risk of foreign influence operations affecting domestic audiences has increased," CISA added [PDF].

"Recently observed foreign influence operations abroad demonstrate that foreign governments and related actors have the capability to quickly employ sophisticated influence techniques to target U.S. audiences with the goal to disrupt U.S. critical infrastructure and undermine U.S. interests and authorities."

Ongoing hybrid warfare campaign

This warning comes the White House pinned this week's wide-scale DDoS attacks targeting Ukrainian banks and government agencies on the Russian main intelligence directorate (aka GRU) during a press briefing on Friday.

This attribution was made based on high volumes of traffic to Ukraine-based IP addresses and domains from GRU infrastructure.

The UK government also blamed Russian GRU hackers for the distributed denial of service attacks targeting "the financial sector in Ukraine."

The Security Service of Ukraine (SSU)—whose website has been unreachable since Wednesday— said in a Monday press release that the country is currently the target of a "massive wave of hybrid warfare." 

This is eerily similar to the hybrid operations (combining cyberattacks and MDM campaigns) mentioned by CISA in its Friday advisory.