The FBI warned U.S. businesses on March 18 of multiple energy and defense corporations being “scanned” by Russian internet addresses.
In a statement obtained by CBS, the FBI said that five large U.S. energy companies and eighteen additional companies had been exposed in what the White House calls “preparatory work.”
According to Eric Geller from Politico, businesses involved include those in the U.S. defense and technology sectors.
The act of “scanning” computer systems is not a direct attempt to hack the software but rather a possible precursor to a cyberattack.
IT experts at GreyCampus state that scanning is a “set of procedures for identifying live hosts, ports, and services, discovering [the] Operating system and architecture of target system, [and] identifying vulnerabilities and threats in the network.”
Scanning occurs on a regular basis and usually on an ethical level. However, the FBI is concerned that the Russian IP addresses could match those which “previously conducted destructive cyber activity against foreign critical infrastructure.”
In the FBI bulletin, they claim that the amount of scanning done by Russian internet addresses has risen since the start of the Russian invasion of Ukraine.
On March 21, President Biden addressed the growing threat of Russian cyberattacks. He called the increasing power of Russian hackers “fairly consequential” and that the next cyberattack “is coming.”
The White House said that the Russians could use the newly imposed sanctions as a motive for cyberattacks against U.S. industries.
Anne Neuberger, U.S. deputy national security adviser for cyber technology, said the amount of potentially vulnerable spots in U.S. computer systems is “deeply troubling.” She adds that much of the crucial U.S. infrastructure is owned by private companies, and they should take on more responsibility to protect their computer systems.
At least 140 Russian IP addresses have been found to be scanning U.S. networks linked to energy and defense companies.
“U.S. Energy Sector entities are advised to examine current network traffic for these IP addresses and conduct follow-on investigations if observed,” the FBI warns.
However, they noted that the scanning from the Russian address should not be taken as an absolute threat of a cyberattack but rather as a warning.