and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data. Global Energy Sector Intrusion Campaign, 2011 to 2018: the FSB conducted a multi-stage campaign in which they gained remote access to U.S.and international oil refineries, nuclear facilities, and energy companies. Department of Justice unsealed indictments of three Russian Federal Security Service (FSB) officers and a Russian Federation Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) employee for their involvement in the following intrusion campaigns against U.S. and international Energy Sector organizations. CISA, the FBI, and DOE are sharing this information in order to highlight historical tactics, techniques, and procedures (TTPs) used by adversaries to target U.S. CISA, the FBI, and DOE responded to these campaigns with appropriate action in and around the time that they occurred. This joint Cybersecurity Advisory (CSA)-coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE)-provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 and targeted U.S. Manage the creation of, modification of, use of-and permissions associated with-privileged accounts.Enforce MFA to authenticate to a system.Implement and ensure robust network segmentation between IT and ICS networks.Actions to Take Today to Protect Energy Sector Networks: