
How Russia’s Invasion Triggered America’s Hacker Attack


Since Russia launched its full-scale invasion of Ukraine in late February, a wave of predictable cyberattacks has accompanied that offensive, hitting everything from Ukrainian government agencies to satellite networks, with mixed results. Less expected, however, was the US government’s cyber counteroffensive – not in the form of retaliatory hacking, but in a broad set of aggressive regulatory and policy moves designed to call out the Kremlin’s most brazen hacking groups, box them in, and even directly disrupt their hacking capabilities.

Over the past two months, President Joe Biden’s executive branch has taken more action to stop and even temporarily disarm Russia’s most dangerous hackers than any previous administration in such a short period of time. US countermeasures have ranged from publicly attributing responsibility for distributed denial of service attacks on Ukrainian banks to Russia’s GRU military intelligence agency, to unsealing two indictments against members of infamous Russian state hacker groups, to carrying out a rare FBI operation aimed at removing malware from network devices that GRU hackers had used to take control of a global botnet of hacked machines. Earlier this week, NSA and Cyber Command director General Paul Nakasone also told Congress that Cyber Command had sent “hunt forward” teams of US cybersecurity personnel to Eastern Europe to search for and eliminate cyber vulnerabilities that hackers could exploit in both Ukraine and the networks of other allies.

J. Michael Daniel, who served as the cybersecurity coordinator at the Obama White House, said: for all manner of state-sponsored hacking threats. “They are trying to disrupt what their opponents are doing now, and also potentially prevent them from taking more far-reaching actions in cyberspace as a result of the war in Ukraine.”

Compared to the Obama administration he served, Daniel said, it’s clear the Biden White House has decided to take a quicker and harder-hitting approach to fighting Kremlin hackers. That reflects both the US government’s two years of experience dealing with Vladimir Putin’s regime and the urgency of the Ukraine crisis, in which Russian state hackers pose an ongoing threat to Ukraine’s critical infrastructure and also to networks in the West, where Kremlin hackers could attack in retaliation for sanctions against Russia and military support for Ukraine. “The Russians have made it clear that gestures and small steps will not stop them,” Daniel said. “We’ve learned that we need to be more aggressive.”

The Biden administration’s responses to Russian cyberattacks began in mid-February, well before Russia launched a full-blown invasion. In one White House press conference, Deputy National Security Adviser Anne Neuberger blamed Russia’s GRU for a series of denial-of-service attacks that had rocked Ukrainian banks over the previous week. “The global community must be prepared to shed light on malicious cyber activity and hold the actors responsible for any and all disruptive or disruptive activity,” Neuberger told reporters. Coming just days after the GRU attacks, that reprimand represents one of the shortest time periods ever between a cyber operation and a US government statement attributing it to a specific organization – a process that often takes months or even years.

Last month, the Justice Department unsealed charges against four individual Russians in two state-linked hacker groups. One indictment names three alleged spies from Russia’s FSB intelligence service, who allegedly belong to a notorious hacker group, known as Berserk Bear or Dragonfly 2.0, that engaged in a continuous, multi-year hacking campaign targeting critical U.S. infrastructure, including multiple breaches of the power grid. The second indictment named another extremely dangerous hacking campaign, one that used malware called Triton or Trisis to target the safety systems of Saudi Arabia’s Petro Rabigh refinery, potentially endangering lives and leading to two refinery shutdowns. The Justice Department pinned that attack on an employee of the Kremlin-linked Central Scientific Research Institute of Chemistry and Mechanics (known as TsNIIKhM) in Moscow, along with unnamed accomplices in the same organization.


