On Friday, hackers temporarily shut down dozens of Ukrainian government websites, causing no major damage but heightening tensions as Russia accumulates troops on the Ukrainian border. Separately, in a rare gesture for the US at a time of frosty relations, Russia said it had arrested members of a large ransomware gang that targeted US entities.
The events, while seemingly unrelated, took place during a frenetic period of activity, when the US publicly accused Moscow of preparing a new invasion of Ukraine and creating a pretext to do so. They highlighted how cybersecurity remains a key concern – that growing animosity risks not only real violence, but also harmful digital attacks that could affect Ukraine or even the US.
The White House said on Friday that President Joe Biden had been made aware of the outages, which hit about 70 websites of national and regional government agencies, but did not name who could be responsible.
But even without any attribution of responsibility, suspicions were cast on Russia, with its track record of peppering Ukraine with harmful cyberattacks. Ukraine’s Security Service, the SBU, said preliminary results of an investigation indicate the involvement of “hacker groups linked to Russian intelligence services”. The SBU said the culprits “hacked the infrastructure of a commercial company that had access, with administrator privileges, to websites affected by the attack.”
The White House said it was still evaluating the impact of the disfigurements, but described it as “limited” so far. Meanwhile, a senior administration official said the White House received news of the arrests in Russia of suspected ransomware gang members, an operation Moscow said was carried out at the request of US authorities.
The official, who briefed reporters on condition of anonymity, said one of those arrested was linked to the Colonial Pipeline hack that resulted in days of gas shortages in parts of the US last year. The arrests are considered by the White House to be unrelated to the Russia-Ukraine tension, according to the official.
Russia’s previous cyber operations against Ukraine include a hack of its voting system ahead of the 2014 national elections and its electrical grid in 2015 and 2016. In 2017, Russia unleashed one of the most damaging cyberattacks ever recorded with the virus. NotPetya, which hit businesses and caused over $10 billion (approximately Rs.74387 crore) in damages globally. Moscow has previously denied involvement in cyberattacks against Ukraine.
Ukrainian cybersecurity professionals, aided by more than $40 million (approximately Rs. 296,625) in US State Department assistance, have been strengthening critical infrastructure defenses ever since. NATO Secretary General Jens Stoltenberg said on Friday that the alliance will continue to provide “strong political and practical support” to Ukraine in light of the cyberattacks.
Experts say Russian President Vladimir Putin could use cyberattacks to destabilize Ukraine and other ex-Soviet countries that want to join NATO without having to send troops. Tensions between Ukraine and Russia are high, with Moscow amassing around 100,000 troops near its extensive border with Ukraine.
“If you’re trying to use it as a stage and a deterrent to stop people from moving forward with the NATO consideration or other things, cyber is perfect,” Tim Conway, a cybersecurity instructor at the SANS Institute, told AP on last week.
The main question for the site’s defacements is whether they are the work of Russian freelancers or part of a larger state-backed operation, said Oleh Derevianko, a leading private sector expert and founder of cybersecurity firm ISSP.
A message posted by the hackers in Russian, Ukrainian and Polish claimed that the Ukrainians’ personal data was put online and destroyed. He told Ukrainians to “be afraid and expect the worst”. In response, the Polish government noted that Russia has a long history of disinformation campaigns and that the Polish in the message was riddled with errors and was clearly not from a native speaker.
Researchers at global risk think tank Eurasia Group said Ukraine’s defacements “do not necessarily point to an imminent escalation of hostilities by Russia” — they are at the lowest level on their scale of cyber options. They said Friday’s attack amounts to “trolling, sending a message that Ukraine can see the worst to come”.
The defacements followed a year in which cybersecurity became a top concern because of a Russian government cyberespionage campaign targeting US government agencies and ransomware attacks launched by criminal gangs based in Russia.
On Friday, Russia’s Federal Security Service, or FSB, announced the arrest of members of the REvil ransomware gang. The group was behind last year’s July 4th weekend supply chain attack targeting software company Kaseya, which crippled more than 1,000 companies and public organizations worldwide.
The FSB claimed to have disbanded the gang, but REvil effectively disbanded in July. Cybersecurity experts say its members have moved on to other ransomware syndicates. They cast doubt on Friday whether the arrests would significantly affect ransomware gangs, whose activities have declined only moderately after high-profile attacks on critical US infrastructure last year, including the Colonial Pipeline.
The FSB said it raided the homes of 14 members of the group and seized over RUB 426 million (approximately Rs 41.66 crore), including cryptocurrencies, as well as computers, crypto wallets and 20 elite cars “purchased with money obtained through criminal means.” ”. All detainees were charged with “illegal circulation of means of payment”, a crime punishable by up to six years in prison. The suspects have not been identified.
According to the FSB, the operation was carried out at the request of US authorities, who identified the group’s leader. It is the first significant public action by Russian authorities since Biden warned Putin last summer that he needed to crack down on ransomware gangs.
Experts said it was too early to know whether the arrests signaled a major Kremlin crackdown on ransomware criminals — or whether it could have just been a piecemeal effort to appease the White House.
“Serving the sentence will send the strongest signal one way or another as to whether there has really been a change in how tolerant Russia will be in the future for cybercriminals,” Bill Siegel, CEO of ransomware response company Coveware, said in a statement. an e-mail.
Yelisey Boguslavskiy, research director at Advanced Intelligence, said the inmates are likely low-level affiliates — not the people who ran the ransomware-as-a-service, which disbanded in July. REvil also apparently stole some affiliates so he would have enemies in the underworld, he said.
The REvil attacks crippled tens of thousands of computers worldwide and yielded at least $200 million in ransom payments, Attorney General Merrick Garland said in November when announcing charges against two hackers affiliated with the gang.
These attacks drew significant attention from law enforcement authorities around the world. Hours before the US announced its arrests, European law enforcement officials revealed the results of a 17-country operation that lasted months and resulted in the arrest of seven hackers linked to REvil and another ransomware family.
The AP reported last year that US officials, meanwhile, had shared a small number of names of suspected ransomware operators with Russian officials.
Brett Callow, a ransomware analyst at cybersecurity firm Emsisoft, said that whatever Russia’s motivations, the arrests “would certainly send shockwaves through the cybercrime community.
See the latest from the Consumer Electronics Show on Gadgets 360 in our CES 2022 hub.