DHS says the US is on “high alert” for a Russian cyberattack
With more than 100,000 Russian troops on the Ukrainian border, the Department of Homeland Security is warning that Russia could launch a cyberattack on the United States if it feels threatened by further US action in response to a possible Russian invasion of Ukraine.
According to a DHS Intelligence and Analysis Bulletin sent to law enforcement partners across the country, the US government believes Russia would consider a cyberattack if “a US or NATO response to a possible Russian invasion of Ukraine is a long-term threat to national security”.
“Russia maintains a range of offensive cyber tools that it could use against US networks — from low-level denials of service to destructive attacks on critical infrastructure,” the bulletin, issued Sunday and obtained by CBS News, said further.
The advice followsto the Ukrainian military to strengthen its defenses.
Last week, the Biden administration approved a proposal by NATO members Estonia, Lithuania and Latvia to send Javelin anti-tank weapons and Stinger air defense systems to Ukrainian forces, as well as the transfer of light anti-tank weapons from the United Kingdom.
DHS Secretary Alejandro Mayorkas told CBS News Thursday that “it is very difficult to calibrate the likelihood” of a cyberattack being launched by the Russian government or its proxies in response to American support for Ukraine. But the secretary acknowledged that the US is currently “on heightened alert due to the geopolitical landscape”.
“When the specter of harm arises, we call for vigilance. And frankly, in the area of cybersecurity, pervasive vigilance is what we’re asking for,” Mayorkas added.
DHS noted in its assessment that “Russia’s threshold for conducting disruptive or destructive cyberattacks at home likely remains very high.” Officials “have not observed Moscow employing these types of cyberattacks directly against US critical infrastructure — notwithstanding past cyber-espionage and potential prepositioning operations.”
In 2021, Russia-linked cyber gangs launched two devastating cyber attacks on the United States. In April, cybercriminals targeted and forced the computer networks of Colonial Pipeline, America’s largest fuel pipeline operator responsible for delivering 45% of fuel along the East Coast. Weeks later,— the world’s largest meat processor — forced the company to stop slaughtering cattle at 13 of its plants.
The US has also blamed Russia’s foreign intelligence agency (SVR) for the 2020 SolarWinds breach. The sophisticated espionage campaign infiltrated more than 18,000 state and private computer networks, eventually targeting nine federal agencies and numerous US companies.
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) released a memo urging executives and network defenders to be on guard against malicious cyber activity after a nighttime defacement campaign hit Ukrainian government servers.
The digital sabotage forced government websites to be shut down, including the Foreign Ministry’s homepage, which temporarily displayed a message warning the Ukrainian population to “be scared and expect the worst.” Ukrainian officials pointed the finger at Russia over another cyber outage.
2016 Russian cybercriminalscausing almost a quarter of a million people in the Ivano-Frankivsk region to lose electricity.
In a sign of growing U.S. concerns, both the DHS intelligence bulletin and the CISA memo followed a joint CISA-FBI-NSA intelligence recommendation issued earlier this month warning U.S. organizations about “Russian state-sponsored cyber threats to U.S. critical infrastructure.”
“As we push and escalate conflict, [cyber attacks are] more likely to be deployed by Russia, allowing them to move aggressively without having to escalate into a full-blown war,” John Hultquist, vice president of analytics at Mandiant Threat Intelligence, told reporters last week.
“Russia is a full-spectrum player,” added Hultquist. “They physically deploy teams, they hijack supply chains, they conduct intelligence operations, they conduct cyber attacks and cyber espionage.”