Russia-Linked Cyberattacks Are Now on the Rise

June 15, 2023

The rise of Russia-linked cyberattacks is causing concerns among US and French analysts, who have observed a shift in Moscow’s focus from Ukraine to its European allies. According to Al Jazeera, a recent report released by French defense firm Thales indicates that Russia is using various cyber weapons to target Poland, as well as countries in the Nordic and Baltic regions of Europe. The objective behind these attacks is to create divisions and spread anti-war propaganda among European citizens, in an attempt to reduce their support for Ukraine.

The Thales report highlights how the Russian-Ukrainian war has transformed the cyber threat landscape. It also sheds light on the origin and purpose of the attacks, revealing that unaffiliated groups account for the majority of cyber actors involved. The KillNet galaxy, the Noname057 hacktivist network, and various pro-Russian hacktivist groups collectively contribute to over 60% of the incidents. While the early stages of the conflict witnessed most attacks targeting Ukraine’s institutions, the emergence of war hacktivism has resulted in a recent shift in focus.

Understanding Russia-Linked Cyberattacks

The European Parliament (EP) has noted that Russian cyberattacks against Ukraine began in 2014, when Moscow illegally annexed Crimea, and the attacks intensified just before the 2022 invasion. During this period, Ukraine’s public, energy, media, financial, business, and non-profit sectors have all been targeted by the attacks. These cyber-threats have disrupted the distribution of essential supplies, including medicines and food, throughout Ukraine. The consequences have ranged from impeding access to vital services to data theft and the spread of disinformation. The EP also warns that deepfake technology has been used to reinforce Russian propaganda.

In response to these threats, the US, the EU, and NATO have developed initiatives to counteract them and protect critical infrastructure. The EU has activated its Cyber Rapid Response Teams to assist Ukraine’s cyber defense, while non-government and private entities have also supported the country in withstanding the onslaught of cyberattacks. Since the beginning of the war, independent hackers have also conducted counterattacks on various Russian institutions and systems. Meanwhile, the EP has urged its allies to increase cybersecurity assistance to Ukraine and impose sanctions against the Russian aggressors.

Destroying Russia’s Premier Cyber Espionage Tool

The FBI, in an operation known as “Medusa,” has reportedly neutralized the “Snake” malware, a prominent cyber espionage program used by Russia’s FSB security service. This malware is considered Russia’s top espionage tool, and it is employed by FSB operatives affiliated with the hacking group “Turla.” For the past two decades, this group has targeted NATO entities, US government agencies, and various tech companies.

A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) reveals that the infrastructure associated with the “Snake” malware has been identified in over 50 countries worldwide, including the US and Russia itself. Although the malware’s infrastructure spans various industries, its targeting demonstrates purposeful and tactical intent. The FSB has likely used the “Snake” malware to gather sensitive intelligence from critical targets, such as government networks, research facilities, and journalists. The neutralization of this malware by the FBI is good news, but it does not mean that the recent cyberattacks should be ignored.

Addressing New Challenges

According to the Thales report, Russia-linked cyberattackers primarily focus on European countries that have expressed clear support for Ukraine. While their actions do not have a significant operational impact at the moment, the number of distributed denial-of-service (DDoS) attacks continues to rise. This persistent, low-impact harassment can create a challenging environment for security teams and decision-makers in affected European countries. By doing this, Russia aims to expand the conflict beyond the borders of Russia and Ukraine at a minimal cost. 

Addressing these new challenges is a daunting task for the US, the EU, and NATO. However, their actions could prove vital in containing the conflict and maintaining a safe climate in Europe and beyond. The primary goal of Russia-linked cyberattacks is to establish a presence in European cyberspace and instill a sense of panic by targeting critical infrastructure, such as airports and hospitals. Nevertheless, the successful neutralization of the “Snake” malware by the FBI demonstrates that these threats can be eliminated, and reaffirms that maintaining a secure cyber environment is still possible in 2023.