How Russia’s Invasion Triggered a US Crackdown on Its Hackers

U.S. President Joe Biden delivers remarks on developments in Ukraine and Russia to reporters - Photograph: Drew Angerer/Getty Images

How Russia’s Invasion Triggered a US Crackdown on Its Hackers
WIRED, April 8, 2022
Security
By Andy Greenberg

“The Biden White House is using “all of the levers of national power” to counter—or preempt—cyberattacks by Russia’s most dangerous hacker groups.”

 

Since Russia launched its full-blown invasion of Ukraine in late February, a wave of predictable cyberattacks has accompanied that offensive, striking everything from Ukrainian government agencies to satellite networks, with mixed results. Less expected, however, was the cyber counteroffensive from the US government—not in the form of retaliatory hacking, but in a broad collection of aggressive legal and policy moves designed to call out the Kremlin’s most brazen cyberattack groups, box them in, and even directly disrupt their hacking capabilities.

 

Over the past two months, President Joe Biden’s executive branch has taken more actions to deter and even temporarily disarm Russia’s most dangerous hackers than perhaps any previous administration in such a short space of time. US countermeasures have ranged from publicly pinning the blame for distributed denial of service attacks targeting Ukrainian banks on Russia’s GRU military intelligence agency to unsealing two indictments against the members of notorious Russian state hacker groups to undertaking a rare FBI operation to remove malware from network devices that GRU hackers had used to control a global botnet of hacked machines. Earlier this week, NSA and Cyber Command director general Paul Nakasone also told Congress that Cyber Command had sent “hunt forward” teams of US cybersecurity personnel to Eastern Europe to seek out and eliminate network vulnerabilities that hackers could exploit in both Ukraine and the networks of other allies.

 

Together, it adds up to “a concerted, coordinated campaign to use all of the levers of national power against an adversary,” says J. Michael Daniel, who served as the cybersecurity coordinator in the Obama White House, advising the president on policy responses to all manner of state-sponsored hacking threats. “They’re trying to both disrupt what the adversary is doing currently, and to also potentially deter them from taking further, more expansive actions in cyberspace as a result of the war in Ukraine.”

 

Daniel says compared to the Obama administration he served in, it’s clear the Biden White House has decided to take a far faster and harder-hitting approach to countering the Kremlin’s hackers. He attributes that shift to both years of US government experience dealing with Vladimir Putin’s regime and the urgency of the Ukrainian crisis, in which Russian state hackers pose an ongoing threat to Ukrainian critical infrastructure and also networks in the West, where Kremlin hackers may lash out in retaliation for sanctions against Russia and military support for Ukraine. “The Russians have made it pretty clear that signaling and small steps are not going to deter them,” says Daniels. “We’ve learned that we need to be more aggressive.”

 

The Biden administration’s ratcheted-up responses to Russian cyberattacks began in mid-February, before Russia had even launched its full-scale invasion. In a White House press conference, Deputy National Security Advisor Anne Neuberger called out Russia’s GRU for a series of denial of service attacks that had pummeled Ukrainian banks over the prior week. “The global community must be prepared to shine a light on malicious cyber activity and hold actors accountable for any and all disruptive or destructive cyber activity,” Neuberger told reporters. Coming just days after the GRU’s attacks, that rebuke represented one of the shortest-ever windows of time between a cyber operation and a US government statement attributing it to a particular agency—a process that has often taken months or even years.

Read the Full Article »

About the Author:

Andy Greenberg is a senior writer for WIRED, covering security, privacy, and information freedom. He’s the author of the forthcoming book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. His last book was Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers. The book and excerpts from it published in WIRED won a Gerald Loeb Award for International Reporting, a Sigma Delta Chi Award from the Society of Professional Journalists, two Deadline Club Awards from the New York Society of Professional Journalists, and the Cornelius Ryan Citation for Excellence from the Overseas Press Club. Greenberg works in WIRED’s New York office.