The US and Britain accused Russia of laying the groundwork for major cyberattacks on their critical infrastructure in the latest ratcheting up of tensions between the rivals following this weekend’s airstrikes on Syria.
Experts from the two countries accused the Russian government of being involved in “malicious cyber activity” by using malware to try to steal intellectual property, carry out espionage and prepare for future offensive operations.
British and US intelligence services released a joint statement saying the main targets included "government and private-sector organisations," as well as providers of critical infrastructure and internet service providers.
“The US and UK governments have high confidence that Russian state-sponsored cyber actors were behind this malicious cyber activity that aimed to exploit network infrastructure devices,” according to a briefing note by the UK’s National Cyber Security Centre (NCSC). “This activity threatens the safety, security and economic wellbeing of the US, UK and international allies.”
The US and Britain accused Russia of laying the groundwork for major cyberattacks on their critical infrastructure in the latest ratcheting up of tensions between the rivals following this weekend’s airstrikes on Syria.
Experts from the two countries accused the Russian government of being involved in “malicious cyber activity” by using malware to try to steal intellectual property, carry out espionage and prepare for future offensive operations.
_______________
Read more:
UK: Russia spied on ex-double agent Sergei Skripal for years
Bolstering businesses' cyber security on agenda for Abu Dhabi meeting
_______________
British and US intelligence services released a joint statement saying the main targets included "government and private-sector organisations," as well as providers of critical infrastructure and internet service providers.
“The US and UK governments have high confidence that Russian state-sponsored cyber actors were behind this malicious cyber activity that aimed to exploit network infrastructure devices,” according to a briefing note by the UK’s National Cyber Security Centre (NCSC). “This activity threatens the safety, security and economic wellbeing of the US, UK and international allies.”
Russia dismissed the warnings as “groundless”. “We don’t know what these new accusations are based on,” said President Vladimir Putin’s spokesman Dmitry Peskov.
The timing of the publication of the threat suggested political motives rather than a rise in cyber activity targeting the two countries, according to a cybersecurity expert.
“It’s a change in position, rather than a rise in threat,” said the expert who declined to be named because of the nature of his work. “This sort of thing has been happening for quite a long time. It’s something the Russians have been consistently doing to gain access to infrastructure.”
The document released late Monday is just the latest warning by the US and the UK about Russian cyber activity and the potential threat to the country’s energy, health and telecoms networks.
Britain’s defence secretary Gavin Williamson warned in January that Russia had been researching the UK’s critical infrastructure to learn how it could spark panic, chaos and cause “thousands and thousands” of deaths.
“What they are looking at doing is trying to spot vulnerabilities,” he said. “They want to know how they can kill infrastructure.”
Russia responded then by claiming Mr Williamson had “lost his grasp on reason”.
The malicious cyber activity identified in the latest warning allegedly began in 2015 and has been given the name GRiZZLY STEP by the US authorities.
The Russian activity involves targeting devices such as routers, switches and firewalls that control access to computer networks. “If you have control of a network at chokepoints… it just opens up a world of possibilities to you,” said the expert.
Rob Joyce, the White House cyber security coordinator, said the US had a range of options to retaliate with, including new sanctions and its own cyber-offensive techniques.
“When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back,” he said.
Mr Joyce said that the Russian activity was not related to the US, UK and French strikes in Syria on Saturday and said the release of the document had not been pushed out at a time of heightened tensions between the countries.
Britain has blamed Moscow for the attack of a former spy in southern England, prompting the expulsion of more than 150 Russian diplomats from two dozen countries. Moscow has denied involvement.
Jake Williams, a US cybersecurity researcher, said: "Calling the Russians out on this hardly makes much sense unless there's some other agenda (most likely political).”
The US and the UK have blamed Russia for launching cyber-offensives, including election meddling and the "NotPetya" cyber-attack in Ukraine, which left 200,000 people without power. The UK claimed last week that the NCSC responded to 49 incidents linked to Russian cybergroups in the last six months.
Australia said on Tuesday that up to 400 businesses had been targeted by suspected Russian state-sponsored cyber-attacks in 2017 but that there was no evidence of significant exploitation.
