Limited Russian Cyber Assaults Detected in Ukraine, According to American Authorities
In a series of statements, FBI Director Christopher Wray has emphasized the importance of private sector reporting of cyber threat information, as well as the need for real-time sharing of intelligence with federal authorities. This call to action comes amidst ongoing concerns over Russian cyber activities, particularly in Ukraine.
Wray cited the 2017 NotPetya attacks as an example of malicious cyber activity that started in one country but rapidly spread to companies in other nations. He expressed his concerns about the Conti ransomware group, which has publicly pledged support for Russia's invasion of Ukraine.
Federal authorities have been warning for months about the risk of Russia using cyber as a means of hybrid warfare against Ukraine or more directly targeting U.S. or allied targets. The annual global threat assessment provided to the House committee by top national security officials included the Russian invasion of Ukraine as a primary focus.
U.S. authorities are currently tracking a limited number of cyberattacks in Ukraine. The Russian state-sponsored hacking groups closely monitored by U.S. authorities include APT28 (Fancy Bear), APT29 (Cozy Bear), and Sandworm Team. Gen. Paul Nakasone, commander of U.S. Cyber Command and director of the National Security Agency, stated that the Russians have conducted three or four cyberattacks in Ukraine.
Wray wants to ensure the FBI receives threat information in real time and that companies are protected from liability for what they tell agents. He also wants CISA to also receive threat intelligence, but wants to ensure there is no delay in what the FBI sees.
In a recent example of the FBI's response, agents were able to prevent a cyberattack on a major healthcare facility from spreading over into patient care. The FBI has also been working with several organizations to mitigate cyberattacks.
Security researchers have identified several potential threats, including a botnet called Cyclops Blink and a form of malware called HermeticWiper, which can quickly erase all data from a computer system.
However, the level of malicious cyber activity is nowhere close to the threat warnings previously issued by federal officials. This could be due to the efforts of the Ukrainians, challenges encountered by the Russians, and preventive measures taken by others.
A controversy has arisen over legislation that would mandate companies report threat information to the Cybersecurity and Infrastructure Security Agency, but not to the FBI. Wray urged companies to share real-time information about ransomware or other malicious cyber activity, stressing the importance of collaboration between the private sector and federal authorities in combating these threats.
Read also:
- Finland assumes presidency of the Baltic Sea Council from Germany
- "Examination of Children from Family Backgrounds Laced with Addiction: A Focus at the 'Memories of a Forgotten Childhood' Film Screening"
- Treasured Institution, the Smithsonian, Unfalteringly Unscathed by Alterations [column]
- François Bayrou, in a recent disclosure by Mediapart, undertook a renovation project on his city hall office in Pau, costing around €40,000.
