RadioCSIRT - Pro-Russia Hacktivists Targeting Global Critical Infrastructure
Description
🚨 CRITICAL ALERT: CISA, FBI, and NSA issue joint advisory AA25-343A on December 9, 2025, warning of active campaigns by four pro-Russia hacktivist groups exploiting VNC vulnerabilities in OT/ICS systems worldwide.
THREAT ACTORS IDENTIFIED:
- Cyber Army of Russia Reborn (CARR) - GRU Unit 74455 linked
- NoName057(16) - Kremlin CISM creation
- Z-Pentest - CARR/NoName merger, OT-specialized
- Sector16 - Emerging January 2025
ATTACK VECTOR:
Mass exploitation of exposed VNC services (ports 5900-5910) with default/weak credentials on HMI devices. Direct SCADA access causing parameter modifications, alarm disabling, and operational disruptions across water, energy, and agriculture sectors.
IMMEDIATE ACTIONS:
Scan external attack surface, eliminate default credentials, implement MFA, enforce IT/OT segmentation, and deploy continuous monitoring for unauthorized VNC connections.
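Added example (not from the advisory or the podcast): a minimal monitoring check that flags VNC-range connections (TCP 5900-5910) reaching OT hosts from anything other than approved jump hosts. The subnets, the log format and the sample lines are constructed assumptions; adapt them to your own firewall or flow export.

```python
import ipaddress

VNC_PORTS = range(5900, 5911)  # TCP 5900-5910, the range named above
# Assumptions (placeholders): OT/HMI subnet, approved jump hosts, internal space.
OT_NETS = [ipaddress.ip_network("10.20.0.0/16")]
APPROVED_SOURCES = [ipaddress.ip_network("10.10.5.0/28")]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample firewall log: "timestamp src dst dport action"
SAMPLE_LOG = """\
2025-12-09T08:01:12Z 10.10.5.4 10.20.1.15 5900 ALLOW
2025-12-09T08:03:40Z 203.0.113.77 10.20.1.15 5900 ALLOW
2025-12-09T08:03:41Z 203.0.113.77 10.20.1.16 5901 DENY
2025-12-09T08:04:02Z 198.51.100.9 10.20.3.8 5910 ALLOW
2025-12-09T08:05:30Z 10.30.2.2 10.20.1.15 443 ALLOW
2025-12-09T08:06:00Z 10.30.2.2 10.20.1.15 5902 ALLOW
malformed line here
2025-12-09T08:07:00Z 203.0.113.77 192.0.2.10 5900 ALLOW
"""

def in_any(ip, nets):
    return any(ip in net for net in nets)

def find_unauthorized_vnc(log_text):
    """Return one finding per VNC-range connection to an OT host from a non-approved source."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed or truncated records
        ts, src, dst, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if port not in VNC_PORTS or not in_any(dst_ip, OT_NETS):
            continue
        if in_any(src_ip, APPROVED_SOURCES):
            continue  # expected path: jump host to HMI
        # critical: allowed from outside; high: allowed from internal but
        # non-approved host (IT/OT segmentation gap); info: blocked attempt
        severity = ("info" if action != "ALLOW"
                    else "high" if in_any(src_ip, INTERNAL_NETS) else "critical")
        findings.append({"time": ts, "src": src, "dst": dst, "port": port, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in find_unauthorized_vnc(SAMPLE_LOG):
        print(f["severity"].upper(), f["time"], f["src"], "->", f"{f['dst']}:{f['port']}")
```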
TARGET AUDIENCE:
CERT, CSIRT, SOC Teams, CISOs, Critical Infrastructure Operators
DURATION:
8 minutes of dense technical intelligence
PRODUCED BY: RadioCSIRT - Daily cyber threat intelligence for operational defense teams
#Cybersecurity #OT #ICS #SCADA #ThreatIntelligence #CriticalInfrastructure #CISA #InfoSec