Úvodní stránka

Národní úřad pro kybernetickou a informační bezpečnost

Logo NÚKIB

The NÚKIB has joined an international warning about pro-Russian hacktivist groups attacking critical infrastructure entities

The National Cyber and Information Security Agency (NÚKIB), together with the Military Intelligence Service, the National Centre for Counterterrorism, Extremism and Cybercrime, the United States and other partners, has joined a warning issued by the U.S. Federal Bureau of Investigation (FBI) about cyberattacks carried out by pro-Russian hacktivist groups targeting critical infrastructure.

Unlike advanced persistent threat (APT) actors, these groups use less sophisticated methods with lower impact. However, such attacks can still result in damage to the targeted systems. These groups often lack understanding of the processes they attempt to disrupt, which can lead to unintended consequences, including physical damage to systems.

Pro-Russian hacktivist groups mentioned in the warning include, for example, Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), Sector16 and other affiliated actors. Regarding the group NoName057(16), which primarily focuses on DDoS attacks and has targeted Czech institutions and companies, NÚKIB has recorded 42 cyber incidents since 2023 — all of them DDoS attacks.

Pro-Russian hacktivists employ easily accessible and easily replicable tactics, which can contribute to a higher frequency of disruptions. These groups often carry out attacks through poorly secured, publicly accessible VNC connections, which they use to gain access to the control systems of operational technology (OT).

The advisory includes specific recommendations for owners and operators of OT systems — such as limiting OT device access to public networks, implementing robust authentication, configuring safe value ranges within systems, and regularly monitoring operational data.

This is historically the second Joint Cybersecurity Advisory related to Russian threats published in cooperation with U.S. partners. The advisory also serves as an example of the operational collaboration between NÚKIB and the United States in the area of information sharing and cyber threat analysis.

You can find the full text of the advisory here:
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure | CISA