Current executive guidance for ongoing cyberattacks in Ukraine

Cyber threat activity against Ukraine, and around the world, has long been a central focus of our work. We continue to monitor the Ukraine-Russia situation by enacting a comprehensive, Talos-wide effort to provide support to our partners and customers. These actions include issuing new Cisco protections based on research findings and malware analysis, enacting an internal crisis management system to formalize components of our investigation, and sharing information with domestic and international intelligence partners.   


Our current guidance continues to echo the recommendations from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that global organizations with ties to Ukraine should carefully consider how to isolate and monitor those connections to protect themselves from potential collateral damage.  

CISA released additional steps organizations could take to protect themselves. We recommend organizations, especially those in critical infrastructure and government, review CISA’s advisory, enable and carefully examine their logs, patch, develop a crisis plan, and implement multi-factor authentication where possible. We also recommend following CISA guidance for safeguarding against foreign influence operations, which Russia previously used against U.S. entities to disrupt critical infrastructure functions. 

The important thing to understand is, regardless of the current situation, our fundamental guidance remains the same. Tech debt, poor cybersecurity hygiene,

Read More: