Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive.
The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year.
The activity highlights a rapidly evolving, aggressive cyberespionage operation that played out across Africa, Europe, the Middle East and Asia, a Talos report says.