WASHINGTON – The United States announced on Wednesday that it has secretly removed malicious software from computer networks around the world in recent weeks, a step to prevent Russian cyber attacks and send a message to Russian President Vladimir Putin.
The move, made public by Attorney General Merrick B. Garland, comes as U.S. officials warn that Russia could try to hit U.S. critical infrastructure – including financial companies, pipelines and the power grid – in response to devastating sanctions imposed by the United States. about Moscow because of the war in Ukraine.
Malicious software has allowed the Russians to create “botnets” – networks of private computers infected with malware and controlled by the GRU, the intelligence arm of the Russian military. But it is unclear what the malware is intended for, as it could be used for everything from surveillance to destructive attacks.
A U.S. official said Wednesday that the United States does not want to wait to find out. Armed with secret court orders in the United States and with the help of governments around the world, the Department of Justice and the FBI have cut off networks from their own GRU controllers.
“Fortunately, we managed to disrupt this botnet before it could be used,” Mr. Garland said.
The court orders allowed the FBI to enter domestic corporate networks and remove malicious software, sometimes without the company’s knowledge.
President Biden has repeatedly said he will not bring the U.S. military into direct conflict with the Russian military, a situation he said could lead to World War III. He therefore refused to use the US Air Force to create a no-fly zone over Ukraine or to allow the transfer of fighter jets to Ukraine from NATO air bases.
But his hesitation does not seem to extend to cyberspace. The operation, which was unveiled on Wednesday, showed readiness to disarm the main intelligence unit of the Russian army from computer networks within the United States and around the world. It is also the latest attempt by the Biden administration to thwart Russian actions by announcing them before Moscow launches an attack.
Even as the United States works to prevent Russian attacks, some U.S. officials fear that Putin may be waiting his turn to launch a major cyber operation that could deal a blow to the U.S. economy.
So far, U.S. officials say, Russia’s primary cyber-actions have been aimed at Ukraine – including “deletion” malware designed to cripple Ukrainian government offices and an attack on a European satellite system called Viasat. Details of the satellite attack, one of the first of its kind, are of particular concern to the Pentagon and U.S. intelligence agencies, which fear it may have exposed vulnerabilities in critical communications systems that Russians and others could exploit.
The Biden administration instructed critical infrastructure companies in the United States to prepare to repel Russian cyber attacks, and British intelligence officials repeated those warnings. And while Russian hackers sometimes preferred to quietly infiltrate networks and gather information, researchers said recent malware activity in Ukraine has shown Russia’s growing readiness to cause digital damage.
“There they are involved in a cyber war that is quite intense but targeted,” said Tom Burt, Microsoft’s chief executive who oversees the company’s efforts to counter major cyber attacks and stop the attack in Ukraine during the war.
Security experts suspect that Russia could be responsible for other cyber attacks that have taken place since the start of the war, including Ukrainian communications services, although investigations into some of those attacks are ongoing.
In January, as US diplomats prepared to meet with their Russian counterparts in an attempt to avoid a military conflict in Ukraine, Russian hackers were already putting the finishing touches on a new piece of destructive malware.
The code is designed to erase data and make computer systems inoperable. After that, the malicious software left a message to the victims, mocking them for losing information. Before US and Russian representatives met for a final attempt at diplomacy, hackers had already begun using malicious software to attack Ukraine’s critical infrastructure, including government agencies responsible for food security, finance and law enforcement.
Adam Meyers, senior vice president of intelligence at CrowdStrike, who analyzed the malware used in the January attacks and linked the group to Russia, said the group intends to harm and help Russian military targets.
“It’s a relatively new group, clearly purpose-built with destructive abilities in mind,” Mr Meyers said. “Its emergence is the advancement of a continuing demand by Russian forces for cyber operational support.”
Another attack took place on February 24, the day Russia invaded Ukraine, when hackers shut down Viasat. The attack flooded modems with malicious traffic and disrupted internet services for several thousand people in Ukraine and tens of thousands of other users across Europe, Viasat said in a statement. The attack spread to Germany, disrupting the operation of wind turbines there.
Viasat said the hacking was still under investigation by law enforcement, U.S. and international government officials, and Mandiant, a cybersecurity firm he hired to investigate, and did not attribute the attack to Russia or any other state-backed group.
The Russian-Ukrainian war: a key development
But senior U.S. officials said all the evidence suggests Russia is responsible, and security researchers at SentinelOne said the malware used in the Viasat attack was similar to code associated with the GRU. The United States has not officially cited Russia as the source of the attack, but is expected to do so as soon as several allies join the analysis.
In late March, a cyber attack disrupted communications services in Ukraine again. This time, the attack focused on Ukrtelecom, a provider of telephone and Internet services, which is why the company’s services were turned off for several hours. The attack was “a constant and increasingly intense disruption at the national level in the service, which is the most severe registered since the Russian invasion,” according to NetBlocksa group that monitors Internet outages.
Ukrainian officials believe that Russia is most likely responsible for the attack, which has not yet been traced to a certain hacker group.
“Russia was interested in cutting off communication between the armed forces, between our troops, and that was partially successful at the very beginning of the war,” said Viktor Zhora, the highest official of Ukraine’s cyber security agency, the State Service for Special Communications and Information. Protection. Ukrainian officials said Russia was also behind attempts to spread misinformation about the surrender.
In the United States, officials fear similar cyber attacks could hit critical infrastructure companies. Some executives said they hoped the federal government would offer funds for cyber security.
“I am well aware that if Russia, as a nation state, decides to attack the US national infrastructure, including what I am responsible for, I have little chance of stopping them,” said Peter Fletcher, information security officer for San Jose Water Company, which is part of a group that manages water services in several states. “The whole Russian nation-state against Peter? I will lose. ”
Mr Fletcher said he was prepared, but that fewer plumbing companies than his often struggled to keep up with cyber security requirements. Many of them rely on outdated technology for pumping and purifying water, which could make them attractive targets for hacking, he said.
Community Electric Cooperative, a service provider that serves about 12,000 customers in Virginia, estimates it needs $ 50,000 to upgrade its cybersecurity system. The company has already trained its staff on how to detect cyber attacks and tested its systems, but representatives said the cooperative hopes to do even more in preparation for a potential cyber attack from Russia.
“If we don’t have the ability to prevent these things, and we’re a network, it could be pretty damaging,” said Jessica Parr, communications director of Community Electric Cooperative.
Despite the challenges, critical infrastructure providers said they were used to dealing with disasters. “We deal with hurricanes and ice storms all year long,” Ms. Parr said. “This is just another kind of storm.”
Zach Montague contributed to reporting.