WASHINGTON – The United States on Wednesday said it had secretly removed malware from computer networks around the world in recent weeks, in a bid to pre-empt Russian cyber-attacks and a step towards sending a message to Russian President Vladimir V. Putin.
The move, made public by Attorney General Merrick B. Garland, has prompted U.S. officials to warn that Russia could try to strike at American critical infrastructure – including financial companies, pipelines and electric grids – in response to drastic sanctions imposed by the United States on Moscow over the war in Ukraine.
The malware enabled the Russians to create a “botnet” – a network of private computers infected with malicious software and controlled by the GRU, the Russian military’s intelligence arm. But it is not clear what the purpose of the malware was, as it could be used for everything from surveillance to destructive attacks.
The United States does not want to wait to find out, a U.S. official said Wednesday. Armed with secret court orders in the United States and the help of governments around the world, the Department of Justice and the FBI disconnected the network from its GRU controllers.
Mr. Garland said.
Court orders allow the FBI to access local corporate networks and remove malware, sometimes without the company’s knowledge.
President Biden has repeatedly said he would not put US forces in direct conflict with Russian forces, saying the situation could lead to a third world war. That is why he refused to use the US Air Force to create a no-fly zone over Ukraine or to allow the transfer of fighter jets from a NATO air base to Ukraine.
But his hesitation does not seem to extend to cyberspace. The operation, announced Wednesday, sought to dislodge the Russian military’s main intelligence unit from computer networks inside the United States and around the world. It was also a recent attempt by the Biden administration to frustrate Russian actions by making them public before Moscow strikes.
Although the United States is working to prevent Russian attacks, some American officials fear that Putin may take his time in launching a major cyber operation that could hit the American economy.
So far, U.S. officials say, primary Russian cyber operations have been directed at Ukraine – including “wiper” malware designed to cripple Ukrainian government offices and an attack on a European satellite system called Viasat. Details of the satellite attack, one of the first of its kind, are of particular concern to the Pentagon and American intelligence agencies, which fear it could expose vulnerabilities in complex communications systems that could be used by Russians and others.
The Biden administration has instructed critical infrastructure companies in the United States to be prepared to prevent Russian cyber attacks, and intelligence officials in Britain have echoed those warnings. And while Russian hackers have sometimes opted to quietly infiltrate networks and gather information, researchers said recent malware activity in Ukraine has shown Russia’s growing desire to inflict digital damage.
“They are engaged in a cyber war there that is very intense, but it is targeted,” said Tom Burt, a Microsoft executive who oversees the company’s efforts to combat major cyber attacks in Ukraine during the start of the war and to stop the attacks in Ukraine.
Security experts suspect that Russia may be responsible for other cyber attacks since the war began, including on Ukrainian communications services, although some of these attacks are under investigation.
In January, as U.S. diplomats prepared to meet with their Russian counterparts in an effort to avoid a military conflict in Ukraine, Russian hackers were already finalizing a new piece of destructive malware.
The code was designed to delete data and render computer systems inoperable. Following this, the malware left a note for the victims, taunting them about losing information. And before U.S. and Russian delegations met for a final attempt at diplomacy, hackers had already begun using the malware to attack Ukraine’s critical infrastructure, including government agencies responsible for food security, finance and law enforcement.
Adam Meyers, senior vice president of intelligence at CrowdStrike, who analyzed the malware used in the January attack and linked the group behind it to Russia, said the group’s purpose was to cause harm and to help Russian military objectives.
Mr. Meyers said. “Its emergence is a continuation of the continued demand of Russian forces for cyber operational support.”
The second attack took place on Feb. 24, the day Russia invaded Ukraine, when hackers knocked Viasat offline. The attack caused malicious traffic in modems and disrupted Internet services for thousands of people in Ukraine and thousands of other customers across Europe, Viasat said in a statement. The attack also spread to Germany, where wind turbine operations were disrupted.
Viasat said the hack was under investigation by law enforcement, U.S. and international government officials, and the cybersecurity firm Mandiant, which it hired to investigate the matter. It did not attribute the attack to Russia or any other state-backed group.
But senior U.S. officials said all the evidence suggests Russia is responsible, and security investigators at SentinelOne said the malware code used in the Viasat attack was similar to code that was linked to the GRU. The United States has not formally attributed the attack to Russia. But some allies are joining the analysis, and it is expected to do so soon.
In late March, another cyber attack in Ukraine disrupted communications services. This time, the attack focused on telephone and Internet service provider Ukrtelecom, and shut down the company’s services for several hours. The attack was “a continuous and intense disruption of service at the national level, the most serious since the Russian invasion,” according to NetBlocks, a group that tracks Internet outages.
Ukrainian officials believe Russia was largely responsible for the attack, but have not been able to identify a specific hacking group.
“Russia was interested in cutting off communication between our forces, between the armed forces, and it was partially successful at the beginning of the war,” said Victor Zhora, a top official at Ukraine’s cyber security agency, the State Service of Special Communications and Information Protection. Ukrainian officials said Russia was also behind attempts to spread false information about the surrender.
In the United States, officials fear that similar cyber attacks could seriously affect infrastructure companies. Some executives said they hoped the federal government would offer funding for cybersecurity.
“I know very well that if Russia, as a nation-state, decides that it wants to attack the US national structure, in which I am responsible, I have little chance of stopping them,” said Mr. Fletcher, the information security officer for the San Jose Water Company, which is part of a group that manages water services in several states. “Peter v. the whole Russian nation-state? I will lose.”
Mr. Fletcher said he was willing, but water companies smaller than his own often struggled to keep up with cyber security demands. Many of them rely on older technology to pump and treat water, which could make them attractive hacking targets, he said.
Community Electric Cooperative, a utility provider serving about 12,000 customers in Virginia, estimates it needs $50,000 to upgrade cybersecurity systems. The utility has already trained its staff on how to detect a cyber attack and tested its systems, but delegates said the cooperative hopes to do more in preparation for a possible cyber attack from Russia.
“If we don’t have the capacity to stop this stuff and we’re on the grid, it can be very damaging,” said Jessica Parr, communications director at Community Electric Cooperative.
Despite the challenges, critical infrastructure providers said they are accustomed to managing disasters. “We deal with hurricanes and blizzards all year round,” Ms. Parr said. “This is a different kind of storm.”
Zach Montague contributed reporting.