As the U.S. continues to support Ukraine through materiel and international sanctions on Russia, intelligence officials are now warning of a potential cyberattack on key American infrastructure. 

An FBI intelligence memo from March 18 obtained by CBS has revealed that currently 140 or more Russian–based IP addresses are conducting “abnormal scanning activity” of companies in the U.S. energy sector. The FBI believes these IP addresses are associated with actors who have conducted “destructive cyber activity against foreign critical infrastructure.” Such scanning activity is consistent with the early stages of a cyberattack when actors conduct reconnaissance and look for cracks in digital defenses. Thus far, the scanning activity has primarily been directed at five key U.S. energy companies, as well as 18 other companies in industries ranging from defense to financial services. The FBI alert warned, “​​US Energy Sector entities are advised to examine current network traffic for these IP addresses and conduct follow-on investigations if observed.”

The U.S. has accused Russia of conducting several cyberattacks against it in the past, including a foray last month in which hackers obtained unclassified information on American defense contractors going back to 2020. The latest developments increase concerns that the Russian government may conduct cyberattacks in retaliation for U.S. involvement in the war in Ukraine. On February 24, the day Russia invaded Ukraine, Viasat’s KA-SAT internet satellite was hacked, causing it to go down. The U.S.–based communications and defense company has provided services to homes, corporations, and militaries worldwide, including Ukraine’s defense forces. The hack plunged thousands into internet darkness as Russian troops began their invasion into Ukraine. Russia has not yet been confirmed as the perpetrator of the cyberattack. However, international speculation regarding the timing and impact of the hack points towards the attack as being a first step in the Russian invasion.

Following the March 18 memo from the FBI, the Biden administration released a statement from the president on March 21 warning U.S. companies “based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.” On Monday, President Joe Biden told the press, “The magnitude of Russia’s cyber capacity is fairly consequential and it’s coming.” Biden further noted in his discussion the rising tensions due to the war in Ukraine and warned of increased threats as the situation becomes more desperate for Russia. “The more Putin’s back is against the wall, the greater the severity of the tactics he may employ,” Biden told the press.

As the Biden administration attempts to harden U.S. cyber defenses, other experts in the intelligence community have given their own input on the looming threat. Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger said in a briefing Monday afternoon, “To be clear, there is no intelligence that there will be a cyberattack on critical infrastructure.” While Neuberger did reiterate the warnings expressed by the president, her statement did not share the same sense of urgency. Meanwhile, Tom Kellermann, the head of cybersecurity strategy at VMware, an American cloud computing and technology company, echoed the fears of the FBI and President Biden. In a statement Monday, Kellermann commented, “there is a clear and present danger,” and, “destructive cyber attacks are imminent.”

Earlier this month, Congress passed a provision that will require critical infrastructure companies to report cybersecurity intrusions to the Cybersecurity and Infrastructure Security Agency within 24 hours after paying a ransom and 72 hours of an attack. This provision will be employed in the hopes that it will give the Cybersecurity and Infrastructure Security Agency insight into how enemy actors are targeting key infrastructure in the U.S. and allow the agency to generate stronger warnings of threats in the future.

While the administration says is not looking to instigate a confrontation with Russia, it has signaled that it is prepared to respond should a cyberattack occur. Biden told the press Monday that his administration “will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure.”