Cyber War: Russia’s reaction to sanctions

Sheila Zabeu

March 01, 2022

Expectations are high that cyberattacks launched by Russia will intensify after the announced sanctions, which involve the withdrawal of major Russian banks from the SWIFT financial system. The suspicion is that President Vladimir Putin, who supposedly has as allies cyber-angels with the capacity to do massive damage, will use this additional weapon against Ukraine or friendly countries. This could already have been happening even a few days before the SWIFT retaliation.

Officials in the US and UK blame Russia for mass distributed denial-of-service (DDoS) attacks in Ukraine in recent days. The flurry of attacks has led to fears of a wider digital conflict, with Western governments on alert for cyber threats from Russia. Researchers say a cyberwar between Russia and the West is possible, although the severity of any event may be limited.

As a defensive measure, Mykhailo Fedorov, Ukraine’s deputy prime minister, announced on Twitter that the country is creating an IT army and enlisting digital talent via a Telegram channel, through which it intends to distribute tasks among experts. “We will continue fighting on the cyber front,” Fedorov said in a tweet.

The well-known cyber group Anonymous has also promised a cyber offensive against Russia and seems to be keeping its promise. On Monday the 28th, it apparently attacked three Russian state news agencies, urging Russia to ‘stop this madness’. In previous days, it had claimed responsibility for other attacks, including distributed denial-of-service attacks that took down government websites and that of the state-run newspaper Russia Today. Anonymous also claims to have hacked the Defense Ministry’s database and state TV channels, posting pro-Ukraine content.

On Russia’s side is the Conti cyber group. “If someone decides to organize a cyberattack or any war activity against Russia, we will use all our possible resources to counterattack the enemy’s critical infrastructure”: the statement was shared in a tweet by Brett Callow, threat expert at Emsisoft. The Russian cyber-gang was recently named as the first group to exploit the Log4Shell vulnerability in chain attacks.

Other groups allegedly allied with Russia in the conflict against Ukraine are UNC1151, sponsored by Belarus; SandWorm, which uses the new Cyclops Blink malware; TheRedBandits, which, despite self-identifying as a cybercriminal group, is seen by many as an arm of Russian Intelligence itself; and Coomingproject.

The big fear is that Russian groups will carry out SolarWinds-style attacks, which initially showed their claws in early 2020 and were linked to the Russian intelligence service. At the time, malicious code infiltrated a software update from the SolarWinds company, distributed to thousands of customers, and subsequently launched a chain of cyberattacks against US government agencies and companies.

According to Eric Byres, chief technology officer at aDolus Technology, quoted by VentureBeat, Russia’s military campaign against Ukraine must have been years in the planning. “My suspicion is that the Russians have not used even a fraction of their cyber arsenal. It is probably putting off using this capability to attack the United States to see how strongly the West would react with sanctions and support for Ukraine,” the executive highlights.

Other experts agree with this view and add that it is very likely that Russian agents behind the SolarWinds attack still have access to many companies that are still vulnerable and have so far not been exploited.

White House denies cyber attacks on Russia

The White House denied in a tweet that US President Joe Biden had received proposals for cyber attacks to be launched en masse against Russia in order to disrupt the country’s military operations in Ukraine.

The story was reported by NBC News last Thursday, the 25th. It detailed that, according to two US intelligence officials, the suggestion was to use US cyber weapons on a scale never seen before to, for example, disrupt internet connections across Russia, shut down power supplies and tamper with rail routes to hamper Russia’s ability to resupply its war forces.

“Russian cyber attacks against critical US infrastructure and economic assets will rapidly intensify if the US president takes real action against Russia’s annexation of Ukraine,” Mark Moses, director of nVisium, told Threatpost.