How the Russian invasion sparked a US crackdown on its hackers

Since Russia launched its full-scale invasion of Ukraine in late February, a wave of predictable cyberattacks has accompanied that offensive, hitting everything from Ukrainian government agencies to satellite networks, with mixed results. Less expected, however, has been the US government’s cyber counteroffensive, not in the form of retaliatory hacking, but in a wide-ranging collection of aggressive legal and policy moves designed to name the Kremlin’s most brutal cyberattack groups, indict them, and even directly disrupt their hacking capabilities.

In the past two months, President Joe Biden’s executive branch has taken more action to deter and even temporarily disarm Russia’s most dangerous hackers than perhaps any previous administration in such a short time. US countermeasures have ranged from publicly blaming distributed denial-of-service attacks against Ukrainian banks on Russia’s military intelligence agency, the GRU, to unsealing two indictments against members of notorious Russian state hacker groups, to carrying out a rare FBI operation to remove malware from network devices that GRU hackers were using to control a global botnet of hacked machines. Earlier this week, General Paul Nakasone, who leads both the NSA and Cyber Command, also told Congress that Cyber Command had sent “hunt forward” teams of US cybersecurity personnel to Eastern Europe to identify and eliminate network vulnerabilities that hackers could exploit, in Ukraine as well as in the networks of other allies.

Together it amounts to “a concerted, coordinated campaign to use all levers of national power against an adversary,” said J. Michael Daniel, who served as cybersecurity coordinator in the Obama White House and advised the president on policy responses to all sorts of state-sponsored hacking threats. “They are trying to both disrupt what the adversary is currently doing, and possibly also deter them from taking further, more extensive actions in cyberspace as a result of the war in Ukraine.”

Daniel says that compared to the Obama administration he served in, it’s clear that Biden’s White House has decided to take a much faster and tougher approach to countering the Kremlin’s hackers. He attributes the shift both to the US government’s years of experience dealing with Vladimir Putin’s regime and to the urgency of the Ukrainian crisis, in which Russian state hackers pose a continuing threat to Ukraine’s critical infrastructure as well as to networks in the West that Kremlin hackers might target in retaliation for sanctions against Russia and military aid to Ukraine. “The Russians have made it pretty clear that signaling and small steps will not deter them,” Daniel says. “We’ve learned to be more aggressive.”

The Biden administration’s rapid responses to Russian cyberattacks began in mid-February, before Russia even launched its full-scale invasion. In a press conference at the White House, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, called out Russia’s GRU for a series of denial-of-service attacks that had hit Ukrainian banks in the preceding week. “The global community must be willing to shed light on malicious cyber activity and hold actors accountable for any disruptive or destructive cyber activity,” Neuberger told reporters. That reprimand came just days after the GRU’s attacks and represented one of the shortest periods of time between a cyber operation and a US government statement attributing it to a specific agency, a process that has often taken months or even years.

Last month, the Justice Department unsealed charges against four individual Russians in two state-affiliated hacker groups. One indictment named three alleged officers of Russia’s FSB intelligence agency accused of being members of a notorious hacker group known as Berserk Bear or Dragonfly 2.0, which carried out a years-long hacking campaign that repeatedly targeted US critical infrastructure, including multiple breaches of power utilities. A second indictment put a name to another highly dangerous hacking campaign, one that used a piece of malware known as Triton or Trisis to attack the safety systems of the Saudi oil refinery Petro Rabigh, potentially endangering lives and leading to two shutdowns of the refinery’s operations. The Justice Department attributed that attack to a staffer at the Kremlin-affiliated Central Scientific Research Institute of Chemistry and Mechanics (known as TsNIIKhM) in Moscow, along with other unnamed co-conspirators at the same organization.

This post, “How the Russian invasion sparked a US crackdown on its hackers,” was originally published at https://www.wired.com/story/russia-ukraine-us-hacker-counterattack