Contemporary warfare is becoming less physical and more digital. The Kremlin knows this well and is increasingly threatening the strategic defenses of Western countries. The claim is backed by Google itself: as reported by the Wall Street Journal, its cybersecurity division Mandiant has detected suspicious links between Russian secret services and hacker attacks around the world.
“We have never previously observed such a volume of cyber attacks, a variety of threat actors and such coordination of efforts,” reads the report published by Mandiant. “Some US institutions have been targeted.”
According to Google researchers, a growing body of evidence suggests there is a common thread linking pro-Putin online activists, hackers and the Kremlin's secret services.
The news is not entirely new: suspicions of Russian incursions into the activities and IT services of foreign countries have been in plain view for several years. What is particularly interesting is how the Kremlin moves on this front, because it gives an indication of what its foreign policy will be, given that on the other front (the war in Ukraine) things are going so badly that President Putin has called for the partial mobilization of reservists to break the deadlock.
US and European officials have warned throughout the war that Russian hackers could lash out at Ukraine’s allies, targeting key infrastructure and even governments themselves with cyberattacks, but so far the effect had not been felt.
Mandiant observed apparent coordination between pro-Russian hacker groups and cyber breaches by the Russian military intelligence agency, the Glavnoe razvedyvatel’noe upravlenie (GRU). On four separate occasions, Mandiant claims to have observed GRU-related hacking activity in which malicious “wiper” software was installed on the victim’s network.
After the wiper was installed, the pro-Russian groups stepped in and, within 24 hours, published data belonging to the breached organizations.
According to Mandiant, acquired by Google in early September for 5.4 billion, three pro-Russian groups are involved, known as XakNet Team, Infoccentr and CyberArmyofRussia_Reborn.
“We have never seen such a volume of cyberattacks, such a variety of threat actors and such coordination of efforts over the same months before,” reads the report published on their website today.
A representative of the Russian embassy in Washington did not respond to requests for comment, while Russia expressly denied being involved in hacking activities.
The use of hackers and outside actors with no formal connection to the Kremlin is useful because it allows Russia to disclaim all responsibility. It is a proxy war (or a war fought through mercenaries) from which the Kremlin can distance itself more easily.
John Hultquist, Mandiant’s vice president of intelligence analysis, said that now that XakNet has established itself as a hacker group, it could be used as cover for a more serious cyber operation headed by Russian intelligence. “These actors cannot be taken lightly,” said Hultquist, referring to the GRU. “They are able to turn off the lights.” It must be said that the evidence is not overwhelming, but the series of clues suggests a non-coincidental correlation.
Last spring, the Department of Homeland Security issued an alert that pointed to XakNet (pronounced hack-net) and another group known as Killnet as possible threats to US infrastructure. It also warned that the war in Ukraine could provoke an increase in attacks by criminal groups. Killnet has attacked a number of entities, including targets in Japan, Italy, Norway, Estonia and Lithuania, with Distributed Denial of Service (DDoS) attacks that aim to overload servers with traffic, according to security researchers.
In recent months, Killnet has been granting interviews to Russian media, and researchers argue that media attention, which reinforces the notion that Russia’s war has garnered popular support, could be a more important goal than any cyber disruption.
In July, Congress.gov, the official provider of information on US Congressional legislation, was taken offline for about two hours by a DDoS attack, a spokesperson for the Library of Congress, which runs the website, said. “The Library’s network was not compromised and no data was lost due to the attack,” the spokesperson said.
In August, Killnet declared that it was launching an attack on the US defense contractor Lockheed Martin Corp. (known in Italy for the famous scandal that even affected the President of the Republic Giovanni Leone in the 1970s) and, at around the same time, it dumped documents that it said were taken from Gorilla Circuits, a defense industry contractor based in San Jose, California, that makes printed circuit boards.
A Lockheed Martin spokesperson said, “We face threats from sophisticated adversaries around the world every day and regularly take action to increase the security of our systems and to protect the data of our employees, customers and programs.”
Jonas Skardinskas, director of cybersecurity management at the Lithuanian national cyber agency, said Lithuania has suffered at least two waves of denial-of-service attacks against government agency websites, which began in June this year. But the attacks, for which Killnet claimed responsibility, were unusual because they were not targeted and never reached a paralyzing level, yet they lasted a long time.
If these links were to be confirmed, the security risk would become global and could potentially involve all countries. In Italy, the level of cybersecurity is certainly lower than in the US, and remedial action may be necessary before harmful episodes occur.