Anne Neuberger, Deputy National Security Advisor, made the attribution at the White House as tensions escalated between Russia and Ukraine.
Neuberger stated that “we believe the Russian government was responsible for widespread cyberattacks against Ukrainian banks this week.” “We have technical data that links the Russian Main Intelligence Directorate (GRU). The GRU infrastructure was observed transmitting large volumes of communication to Ukraine-based IP addresses and domains.”
Neuberger pointed out that the spam attack and denial-of-service attacks had “limited effect” in Ukraine. However, she said that the latest incident of malicious cyber activity could have preceded “more disruptive cyberattacks” that could lead to an invasion of Ukraine’s sovereign territories. Neuberger said that the U.S. shared intelligence with Ukraine as well as European partners.
Top cyber officials claimed that the U.S. worked quickly to connect the dots on the GRU-linked attack in order to “call out the behavior fast.”
Officials from the United Kingdom made a similar announcement on Friday, when the U.S. publicly attributed the attack to Russia.
“The UK and its allies won’t tolerate malicious cyber activity. The decision to publicly attribute the incident underscores this fact,” the Foreign, Commonwealth and Development Office of Britain (FCDO) said in a statement.
The statement said that “this activity is yet another example of Russia’s aggressive acts towards Ukraine.”
Officials in Ukraine called this week’s DDoS attacks the most severe in their history, despite the simple tactics behind the cyber harassment.
CrowdStrike’s data shows that internet traffic to the Ukrainian sites was three orders of magnitude higher than regular traffic during the DDoS attack, according to Adam Meyers, senior vice president of intelligence at CrowdStrike.
John Hultquist, vice president of Intelligence Analysis for cybersecurity firm Mandiant, said that it’s important not to misjudge the intent of these attacks. Hultquist stated that the disruption they cause is intended to incite and undermine and is not an end in itself, according to a statement sent to CBS News.
“Ultimately, these incidents should not be judged by their technical complexity.” He said that even though they shut down the lights in Ukraine, they may have done the most important cyber operation when they hacked into and leaked information during the 2016 elections.
Victoria Nuland, the Under Secretary for Political Affairs, stated earlier this week that Russia was likely behind the attack. She cited their past actions.
“Who’s the best at this, and who can use this weapon around the globe?” Nuland asked, adding that the Kremlin was the obvious answer.
“I believe what’s most important is the fact that these cyberattacks weren’t very successful,” she said, praising Ukrainian officials for their quick response and for helping websites recover.
The Ukrainian Computer Emergency Response Team (or “CERT”) released a technical assessment of Wednesday’s campaign against Ukrainian government agencies. Officials from Ukraine confirmed that Mirai, a botnet commonly used in large-scale network attacks to steal data, was used in the cyberattacks.
Neuberger told reporters Friday that no intelligence suggests any credible or specific cyber threats to the U.S. homeland. U.S. cyber officials have increased outreach to the private sector over the past months and weeks, asking the nation’s critical infrastructure owners and operators to strengthen cyber defenses.
“Given rising tensions, and the possible invasion of Ukraine by Russia,” Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly stated Friday at an Aspen Institute panel. “It really is part of the paradigm shift I’ve been referring to for a while now — moving away from reactive government to proactive government.”
Easterly said that the outreach included both classified and unclassified briefings for private sector, state, and local partners on evolving cybersecurity risk.
On Thursday, the Treasury Department hosted an in-person briefing for CEOs of major U.S. bank branches, along with officials from CISA, the FBI and the White House. J.P. Morgan and Citibank were among the participants.
CISA issued a warning on Friday to critical infrastructure owners and operators about a rise in sophisticated foreign influence operations using misinformation, disinformation, and mal-information (MDM).
On Friday, Easterly encouraged organizations to “lower the threshold” for reporting anomalous cyber activity to the U.S. government.