Original Release Date: 12/18/2023
Cyberattacks attributed to state-sponsored and state-aligned advanced persistent threats (APTs) continue to spike. Recent activity includes campaigns by the Russian threat groups APT 28 and APT 29. APT 28, also known as Fancy Bear and associated with Russia's General Staff Main Intelligence Directorate (GRU), was discovered leveraging a Microsoft Outlook zero-day identified as CVE-2023-23397. These campaigns, first identified by Ukrainian cybersecurity analysts, primarily targeted the critical infrastructure of NATO countries and entities that provide an informational advantage in diplomatic, economic, and military affairs. APT 29, also known as Cozy Bear and associated with the Russian Foreign Intelligence Service (SVR), was recently observed extensively exploiting CVE-2023-42793, targeting servers hosting JetBrains TeamCity software.
In addition, there has been a notable increase in cyberattacks launched by Chinese state-aligned threat groups, along with a change in their tactics. Nearly two dozen critical infrastructure organizations across the US, including an oil and gas pipeline and a Hawaii-based water utility, were compromised by APTs affiliated with the Chinese People’s Liberation Army (PLA) within the past 12 months. Notably, Volt Typhoon focuses on targets within the Indo-Pacific region, including Hawaii. CISA’s Executive Director, Brandon Wales, voiced concerns that China’s attempts to compromise US critical infrastructure may be, in part, an effort to pre-position for disruption or destruction in the event of a conflict, either to prevent the US from projecting power into Asia or to cause misdirection and societal chaos inside the US that could impair decisive action if faced with multiple crises. FBI Director Christopher Wray also recently raised concerns regarding the current threat level, stating that he has “never seen a time where all the threats, or so many of the threats, are all elevated, all at exactly the same time.”
The NJCCIC strongly recommends organizations apply available updates immediately after appropriate testing. Additional mitigation measures include exercising vigilance, using strong passwords, and enabling multi-factor authentication (MFA). Further recommendations and technical details can be found in the Joint Cybersecurity Advisory and the National Cyber Security Centre (NCSC) advisory.