Russia "Pre-positioning" Cyber-Attacks for Potential Invasion

The UK and US governments quickly attributed DDoS attacks on Ukrainian organizations last week to Russian intelligence.

A National Cyber Security Centre (NCSC) missive on Friday said it is “almost certain” that the attacks which took place on February 15 and 16 were the work of the Russian Main Intelligence Directorate (GRU).

“The attack showed a continued disregard for Ukrainian sovereignty. This activity is yet another example of Russia’s aggressive acts against Ukraine,” a Foreign Office spokesperson said.

“This disruptive behavior is unacceptable. Russia must stop this activity and respect Ukrainian sovereignty. We are steadfast in our support for Ukraine in the face of Russian aggression.”

US deputy national security advisor for cyber, Anne Neuberger, echoed these sentiments in a press conference the same day.

However, she went further, warning that the attacks could be just the start of a larger campaign designed to coincide with a military invasion of Ukraine.

“The US government believes that Russian cyber-actors likely have targeted the Ukrainian government, including military and critical infrastructure networks, to collect intelligence and pre-position to conduct disruptive cyber activities,” she said. “These disruptive cyber-operations could be leveraged if Russia takes further military action against Ukraine.”

Neuberger added that Russia “likes to move in the shadows” and counts on the fact that western governments often take their time over attribution so that it can continue the malicious online activity, including pre-positioning, with impunity.

This is likely why the decision was taken to name-and-shame the Kremlin so swiftly after the DDoS attacks last week.

The US government has been preparing for a possible attack on its own critical infrastructure for several months by conducting “extensive outreach” with critical infrastructure (CNI) providers, said Neuberger. Government agencies have gone to “unprecedented lengths” to share information with the private sector, including technical indicators of previous Russian attacks on Ukrainian CNI.

“We urge our private sector partners to exercise incident response plans and put in place the cybersecurity defenses like encryption and multi-factor authentication (MFA) that make cyber-attacks harder for even sophisticated cyber-actors,” she said.
