WASHINGTON — A new bulletin from the Department of Homeland Security warns that Russia could launch a cyberattack against U.S. targets on U.S. soil if it believes Washington’s response to its potential invasion of Ukraine threatens its long-term national security.
DHS released the memo to U.S. critical infrastructure operators and state and local governments across the country on Sunday, warning that “Russia maintains a range of offensive cyber tools it could use against U.S. networks” that make everything from airplanes to hospitals to dams and bridges function.
Separately, an executive from a well-respected private cybersecurity firm warns that while “cyber espionage is already a regular facet of global activity, as the situation deteriorates we are likely to see more aggressive information operations and disruptive cyberattacks inside and outside Ukraine”.
“The crisis in Ukraine has already proven to be a catalyst for additional aggressive cyber activity that will likely increase as the situation deteriorates,” wrote John Hultquist, vice president of threat intelligence for Mandiant, a cybersecurity firm which provides services to private companies, governments and law enforcement agencies around the world.
“We at Mandiant have anticipated this activity and are concerned that, unlike recent degradation and destructive attacks, future activity is not limited to Ukrainian targets or the public sector,” Hultquist wrote in his Jan. 20 online report.
Paul Rosenzweig, a former senior Homeland Security official, said the DHS Intelligence and Analysis Bulletin highlights that even US efforts to help avoid potential military conflict thousands of miles away have the potential to cause real damage to Americans here at home.
“In a globally connected world, conflicts are no longer geographically isolated. As DHS warns, Russia may respond to U.S. actions in favor of Ukraine by using offensive cyber tools against U.S. networks,” Rosenzweig told USA TODAY. “We’ve seen how vulnerable American systems are – think of the criminals who disrupted gas pipelines and meat packing last year. Now imagine an angry Russia deciding to take it to the next level – processing wastewater; agriculture; transportation are all potential targets.”
If Russia were to launch such a cyberattack against US targets, Washington would likely retaliate with its own defensive or even offensive cyberweapons. And that could trigger a potentially dangerous escalation that could threaten to drag the United States directly into the conflict between Russia and its neighbor Ukraine.
“That’s why the Russian attack on Ukraine is so dangerous,” Rosenzweig said. “It seems entirely possible that the conflict will spin out of control – both on the ground and in the cyber universe.”
In its memo, DHS said Russian government cyber actors have spent years targeting and gaining access to critical infrastructure in the United States. In a particularly alarming campaign, Russian hackers have compromised US energy networks since at least 2016, performing network reconnaissance and collecting the kind of information needed to take control of those systems if they wanted to, it said.
“Separately, Russian state-sponsored cyber actors successfully compromised routers, globally, and US state and local government networks, according to a CISA alert and joint US-UK report,” the new DHS memo says.
Despite those capabilities, the DHS memo says U.S. intelligence officials believe Russia’s threshold for carrying out disruptive or destructive cyberattacks in the country “likely remains very high,” in part because Moscow has not engaged in such confrontational behavior in the past.
In a statement late Monday, a Department of Homeland Security official declined to elaborate on the intelligence bulletin, but said DHS routinely shares threat information with federal, state, local and tribal authorities, territorial organizations and the private sector to help ensure their safety and security.
“We have increased operational partnerships between private sector companies and the federal government to bolster our country’s cyber defenses, including through CISA’s new Joint Cyber Defense Collaborative,” or JCDC, the official said, speaking on condition of anonymity to discuss operational details.
“The JCDC brings these partners together to help us understand the full threat landscape and enable real-time collaboration to enable our private sector partners to gain insight and take action against the threats most important to the nation.”
The DHS bulletin is just the latest indication that the US government is concerned about Russian cyberattacks, even as Washington says it is ready to deploy military and intelligence assets to the region in anticipation of a Kremlin military incursion.
A joint cybersecurity advisory — written by CISA, the FBI, and the National Security Agency — was sent nationwide on Jan. 11 with the goal of preparing public, local, and private sector officials for Russian cyberattack capabilities, including “tactics, techniques, and procedures.” It also included detailed instructions on how potential victims could respond to such cyberattacks and reduce their exposure.
And a month earlier, on December 15, the Homeland Security cyber agency sent out another report with the ominous title, “Preparing for and Mitigating Potential Cyber Threats,” which warned against sophisticated threat actors, including nation-states like Russia and their proxies, who have proven their ability to compromise US networks and develop “long-term persistence mechanisms” that can lurk in their systems even after the most intensive efforts to eradicate them.
Officials warn that efforts to stop such cyberattacks on US targets are virtually impossible, given their sophistication – and the relatively lax security protocols that most US companies use. Many, if not most, parts of US critical infrastructure are also vulnerable and have fallen victim to Russian cybercriminals in recent years.
There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on the security of the United States, including the economic well-being and health and safety of Americans.
Last year, Russia-based cybercriminals were behind two of the most destructive cyberattacks in recent history, including a ransomware attack that caused operators of the massive Colonial Pipeline to shut down in May 2021, leading to widespread gas shortages. Soon after, Russian-linked hackers targeted meat supplier JBS. In both cases, the companies paid millions of dollars in ransom in order to get their systems working again.
Russia was also responsible for one of the most devastating hacks involving US government agencies in late 2020. In what is known as the SolarWinds breach, US officials say Russian-backed cybercriminals gained access to 10 US government agencies, including DHS and the Department of Commerce.
And Russian military intelligence assets have launched devastating cyberattacks on Ukraine’s power grid for years, successfully shutting down parts of it and knocking out power to millions of people. In recent months, Ukrainian officials have blamed Moscow for another cyber outage affecting numerous government websites.