Russia is expanding its cyberwar against the West
Russia-affiliated hackers have in recent days breached American critical infrastructure networks and disrupted hospital operations across the U.S. The attacks by Russia continue to grow bolder and larger in scope as Russia seeks to expand its war against Ukraine and its supporters across different fronts.
Russia is growing more aggressive in cyberspace.
The Cyber Army of Russia, a group of hackers linked to Russia’s military intelligence unit known as “Sandworm,” has taken credit on at least three separate occasions for cyber-attacks against water and hydroelectric utilities in the U.S. and Europe. The cybersecurity firm Mandiant published a report showing evidence connecting Sandworm to the creation of the Cyber Army of Russia. While Sandworm itself has never targeted U.S. networks with such disruptive cyber-attacks, its proxy, the Cyber Army of Russia, has begun to do so.
The Russian hackers were behind a January attack on a water facility in rural Texas, which resulted in a water tower overflowing, releasing tens of thousands of gallons of water onto the streets and into drainage pipes. Two other towns in north Texas also detected malicious cyber activity on their networks and took “precautionary defensive measures.”
President Biden’s administration in March 2024 had to warn U.S. governors that water and wastewater systems throughout the U.S. are coming under cyber-attacks. By April 2024, the Russian hackers had also conducted a cyber campaign to attack a water and wastewater treatment plant in Indiana.
Russia’s cyber-attacks on the West are not limited to the U.S. In March, the same Russian hacking group claimed that they infiltrated a French hydroelectric station to manipulate water levels. However, Le Monde revealed that they actually targeted a mill, mistakenly believing it to be the hydroelectric dam in Courlon-sur-Yonne. Poland’s water infrastructure was also targeted by the Russian hackers, as Poland has been one of Ukraine’s strongest backers in the West. In May 2024, Poland called out Russian state-sponsored hackers for attacks targeting Polish government networks.
With critical infrastructure across the U.S. vulnerable to cyber-attacks, small towns with limited resources will be even more vulnerable. Cybersecurity is a cost-center for organizations, not a money-generating resource. U.S. water plants are easy targets for hackers, and in 2021, one hacker even “tried to poison a water treatment plant that served parts of the San Francisco Bay Area.”
In May 2024, there was a targeted cyber-attack against healthcare provider Ascension, affecting 140 hospitals in 19 states. Healthcare organizations are prime targets for hackers, and the damage they can do — such as disabling medical equipment or diverting ambulances — affects the lives of many ordinary civilians. The Washington Post reported that the attack “bore similarities to past breaches by Black Basta, a successor to the Russian Conti gang…”
As Russia is bogged down on the battlefield in Ukraine, its cyber activity will adapt to support “espionage for battlefield enablement.” Countries that lead aid efforts for Ukraine, like the UK and the U.S., will continue to be prime targets of Russian cyber aggression to undermine support for Ukraine and support Russia’s battlefield objectives.
Anne Keast-Butler, the Director of the UK’s Intelligence, Cyber and Security Agency, recently spoke about growing concerns of Russian intelligence services working with proxy groups to conduct cyber-attacks.
Since Russia’s initial invasion of Ukraine in 2014, Ukraine has served as a cyber weapons test lab for Russia. But there was no “cyber Pearl Harbor” to accompany Russia’s full-scale invasion in 2022. With Ukraine acquiring extensive experience since 2014 and hardening its defenses, combined with public and private support from the West, Ukraine has withstood Russia’s cyber-offensives.
But Russia has learned from initial mistakes both on the digital and physical battlefields. By December 2023, Russia waged one of the most disruptive cyber-attacks on Ukraine’s largest telecom operator Kyivstar. The attack left millions of Kyivstar customers without a mobile signal and internet for several days.
Russia’s aggression is just ramping up in the cyber domain. In recent months, Russia has recruited “gangsters to sabotage Western factories supplying arms to Ukraine.” Russia has also been conducting electronic warfare against Western aviation in the Baltic region. After GPS jamming led to the loss of the GPS navigation signal, Finnair announced that it was suspending its flights from Finland to Tartu, Estonia.
Russia is increasing its aggression on all fronts, signaling how it intends to engage in the future. The West is already under active cyber-attack by Russia. The longer that the West and the Biden administration hold back from a strong response on all fronts, the more emboldened and brazen Russia will become.
Russia understands only the projection of Russia. Failure to respond to Russia’s invasion of Georgia in 2008, and then the annexation of Crimea in 2014, led to the full-scale invasion of Ukraine in 2022.
The West should be prepared for more of its critical infrastructure to come under Russian cyber-attack. But it should also take bolder steps to support Ukraine on the digital and physical battlefields, as Russia’s hybrid war against the West all connects back to its battlefield objectives in Ukraine.
David Kirichenko is a freelance journalist and an associate research fellow at the Henry Jackson Society, a London-based think tank.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.