U.S. cybersecurity officials and international partners have released a joint cybersecurity advisory urging operators of critical infrastructure to take immediate protective measures against a rising wave of opportunistic attacks tied to pro-Russia hacktivist groups.
The alert, published Tuesday, was jointly released by the Cybersecurity and Infrastructure Security Agency, other U.S. agencies and allied cyber authorities.
Titled “Pro-Russia Hacktivists Conduct Opportunistic Attacks Against U.S. and Global Critical Infrastructure,” the advisory stated that the groups have been scanning for and exploiting weakly secured operational technology environments across multiple sectors. Although the attacks rely on basic techniques, agencies said they have disrupted essential services and forced operators into manual procedures.
Critical infrastructure operators remain vigilant as pro-Russia hacktivist attacks escalate. Join the 2026 Cyber Summit on May 21 to learn how federal and industry experts are strengthening cyber resilience.
Table of Contents
How Are Hacktivists Gaining Access to OT Systems?
According to the advisory, intrusions have frequently involved exposed remote access tools, including virtual network computing-connected human-machine interface devices protected by default or weak passwords. It noted that in some cases, actors gained access to OT control devices, changed system configurations and caused operational downtime.
Distributed denial-of-service campaigns have also been used to infiltrate supervisory control and data acquisition networks.
The threat groups are amplifying their operations by publicizing successful compromises and making exaggerated claims of damage to gain visibility, the advisory said.
Which Pro-Russia Hacktivist Groups Are Behind the Activity?
The advisory identifies several pro-Russia hacktivists actively involved in the campaign, including the Cyber Army of Russia Reborn, NoName057(16), Z-Pentest and Sector16, noting that these actors have shown intent to cause real-world disruption and are increasing coordination with one another.
“Russian-affiliated cyber actors continue to engage in malicious activity aimed at disrupting U.S. and allied critical infrastructure,” said Madhu Gottumukkala, acting director at CISA.
What Defensive Measures Are Agencies Recommending?
Organizations are being urged to reduce the internet exposure of industrial systems, implement strong authentication, improve asset visibility, enhance segmentation and monitoring, and adhere to secure-by-design principles.
OT device manufacturers are also encouraged to eliminate systemic weaknesses that attackers exploit.
The 2025 Annual Threat Assessment of the U.S. Intelligence Community designates Russia as a persistent cyber and critical infrastructure threat due to its advanced capabilities and success in compromising sensitive targets and pre-positioning access on U.S. infrastructure. The report highlights Moscow’s strength in integrating cyberattacks with wartime military action, which could amplify its impact on U.S. targets during a conflict.
Related Articles
The National Reconnaissance Office and the U.S. Space Force’s Space Systems Command have launched the NROL-77 mission aboard a SpaceX Falcon 9 rocket from a launch complex at Cape Canaveral Space Force Station in Florida. NRO said Tuesday NROL-77 marks the agency’s 10th and final launch for calendar year 2025. What Is the NROL-77 Mission? NROL-77 is the second NRO mission that the agency launched with SpaceX under the Phase 2 contract of the National Security Space Launch, or NSSL, program awarded in August 2020. “The partnership between NRO and SSC continues to strengthen our nation’s space superiority through innovative
The Department of War has selected Google’s Gemini for Government as the first artificial intelligence tool to be housed on its GenAI.mil platform. The Pentagon said Tuesday that GenAI.mil was established to create an AI-first workforce that utilizes technology to enhance efficiency and combat-readiness. “There is no prize for second place in the global race for AI dominance,” Emil Michael, under secretary of war for research and engineering commented. “We are moving rapidly to deploy powerful AI capabilities like Gemini for Government directly to our workforce. AI is America’s next Manifest Destiny, and we’re ensuring that we dominate this new
A Draper-led team is one of the performers selected by the Advanced Research Projects Agency for Health under its Computational ADME-Tox and Physiology Analysis for Safer Therapeutics, or CATALYST program, which aims to use human-based artificial intelligence models to predict drug safety and effectiveness earlier in the development process. ARPA-H announced the performer teams on Thursday as part of an effort to reduce reliance on animal testing and accelerate timelines for bringing new therapies to patients. ARPA-H’s CATALYST program reflects a major shift toward AI-driven drug safety evaluation. Join top federal and industry leaders shaping that future at the 2025