How the Russian Invasion Triggered the US Crackdown on Hackers

Ever since Russia launched its full-scale invasion of Ukraine at the end of February, a wave of predictable cyberattacks has accompanied the offensive, hitting everything from Ukrainian government offices to satellite networks, with mixed results. Less anticipated, however, has been a US government cyber counteroffensive—not in the form of a retaliatory hack, but in the form of a wide array of aggressive legal and political moves designed to call out, corner, and even directly disrupt the Kremlin’s most brazen cyberattack teams and their hacking capabilities.

Over the past two months, President Joe Biden’s executive branch has taken more action to contain and even temporarily disarm Russia’s most dangerous hackers than perhaps any previous administration in such a short span of time. The US countermeasures have ranged from publicly attributing distributed denial-of-service attacks against Ukrainian banks to Russia’s military intelligence agency, the GRU, to unsealing two indictments against members of notorious Russian state hacker groups, to conducting a rare FBI operation that removed malware from the network devices GRU hackers used to control a global botnet of compromised machines. Earlier this week, NSA and Cyber Command chief Paul Nakasone also told Congress that Cyber Command had sent “hunt forward” teams of US cybersecurity personnel to Eastern Europe to find and fix network vulnerabilities that hackers could exploit, both in Ukraine and in the networks of other allies.

Together, this amounts to “a concerted, coordinated campaign to use all the levers of national power against the adversary,” says J. Michael Daniel, who served as cybersecurity coordinator in the Obama White House, advising the president on policy responses to all kinds of state-sponsored hacking threats. “They are trying to disrupt what the enemy is currently doing and also potentially deter them from further, larger actions in cyberspace as a result of the war in Ukraine.”

Daniel says that, compared to the Obama administration he served under, the Biden White House has clearly decided to take a much faster and more forceful approach to countering Kremlin hackers. He attributes the shift to the US government’s years of experience with the Vladimir Putin regime and to the urgency of the Ukraine crisis, in which Russian state hackers pose a constant threat to critical Ukrainian infrastructure as well as to networks in the West, where Kremlin hackers could strike in retaliation for sanctions against Russia and military support for Ukraine. “The Russians have made it clear that signals and small steps will not stop them,” says Daniel. “We realized we needed to be more aggressive.”

The Biden administration’s response to Russian cyberattacks began in mid-February, before Russia even launched its full-scale invasion. At a White House press conference, Deputy National Security Adviser Anne Neuberger called out Russia’s GRU for a series of denial-of-service attacks that had hit Ukrainian banks the previous week. “The global community must be prepared to shed light on malicious cyber activity and hold actors accountable for any disruptive or destructive cyber activity,” Neuberger told reporters. This rebuke, coming just days after the GRU attacks, represented one of the shortest intervals ever between a cyber operation and a US government statement attributing it to a particular agency, a process that has often taken months or even years.

Last month the Department of Justice unsealed indictments against four individual Russians in two government-linked hacker groups. One indictment names three alleged Russian FSB agents accused of belonging to a notorious hacker group known as Berserk Bear or Dragonfly 2.0, which participated in a decades-long hacking spree that repeatedly hit critical US infrastructure, including multiple power utilities. The second indictment concerns a separate, highly dangerous hacking campaign that used a piece of malware known as Triton or Trisis to attack the safety systems of the Saudi oil refinery Petro Rabigh, an intrusion that could have endangered lives and that caused two plant shutdowns. The Justice Department attributed the attack to an employee of the Kremlin-linked Central Research Institute of Chemistry and Mechanics (known as TsNIIKhM) in Moscow, along with other unnamed associates from the same organization.

At the same time, the Cybersecurity and Infrastructure Security Agency, the Department of Justice and the FBI have taken on a third Russian state hacker group even more directly. In February, CISA issued a warning that the GRU hacker group known as Sandworm, whose track record includes everything from blackouts in Ukraine to the release of the NotPetya malware that caused $10 billion in damage worldwide, had assembled a botnet of hacked network devices, and it published a guide to detecting and removing the malware, known as Cyclops Blink. When that warning produced only a 39 percent drop in the number of devices controlled by the botnet, the FBI took the rare step of actually impersonating the hackers’ communications to the botnet’s command-and-control machines, sending commands that removed the hackers’ malware from those devices and thus cut off Sandworm’s access to at least part of its botnet.

“The specific pursuit of these three hacker groups — FSB-affiliated hackers Berserk Bear, TsNIIKhM hackers allegedly behind Triton, and GRU-affiliated group Sandworm — shows how the US government is deliberately taking action to contain and disable the Russian hackers who represent the biggest threat of not just espionage or cybercrime, but targeted, destructive cyberwarfare,” says John Hultquist, who heads threat intelligence at cybersecurity firm Mandiant and has tracked all three groups for years. “At a time when the United States is preparing for possible cyberattacks from Russia, the Justice Department has charged two of these groups and carried out an operation against a third,” says Hultquist. “These are actors that have a history and a proven ability for disruptive and destructive attacks. That is why the operations were carried out and should be focused on these actors.”

The Biden administration has been careful in its support of Ukraine to avoid any action that could escalate into a full-blown conflict between Russia and NATO, providing weapons and assistance to Ukraine but not actively participating in the fighting. Even as the US government takes more aggressive cyber countermeasures, those measures appear calculated to stay well below any escalation threshold, says Jacquelyn Schneider, a Stanford Hoover Institution research fellow who studies cyber escalation. “If you look at what the United States is giving Ukraine in terms of support, the Javelin missile will always be more of a means of violence than cyberspace,” Schneider says. “I am very optimistic that what the US is doing will not lead to violent retaliation, and I also think that it will not be associated with any escalation in cyberspace. If the Russians are going to use a cyberattack, it’s because the Russians want to use a cyberattack.”

The looming question is whether the executive branch’s countermeasures will be enough to deter or curtail the Kremlin’s most brazen cyberattack groups. But Daniel, Obama’s former cybersecurity adviser, argues that they will at least have some effect: the costs they impose on Russian hackers are worth the cost to the US, even if that cost includes a low risk of escalation and a more significant risk of revealing confidential intelligence sources or methods.

“They have to spend time and money rebuilding their infrastructure, and it’s time and money they don’t spend on subversive activities,” says Daniel. “Even if we force them to use other tricks, to be slower, to be more careful, then this is an effect, right? And that reduces their operational capability and their operational efficiency.”

More Great WIRED Stories