US is neck-deep in the cyberwar with Russia

US president Joe Biden's early prediction of Russia-led cyber attacks on its strategic facilities offers no guarantees of protection, experts say.


The Biden administration claims that a full-scale Russian cyberattack on US infrastructure is underway as the Kremlin's response to the sweeping sanctions imposed on it over the Ukraine attack.

In his last speech, President Biden accused Russia of preparing to use “harsher tactics” to attack and jeopardise the functioning of US strategic infrastructure and thus create "unpleasant economic consequences" for Washington.

The advice that White House officials have been giving in recent days to companies and institutions in particularly vulnerable sectors suggests that Washington is preparing for both attempts to steal sensitive data and an invasion of ransomware, often attributed to pro-Russian hacker groups.

According to Chainalysis, a Washington DC-based blockchain service provider which also conducts research for governments, since 2021 about 74 percent of all the funds that were transferred as "digital" ransom payments have gone into the pockets of hackers allegedly linked to the jurisdiction of the Russian Federation.

The escalation scenario in the cybersphere was calculated by experts close to the US government at the earliest stage of the current hostilities in Ukraine. The US banking structures and defence companies could be targeted, according to local officials. Infrastructure is another sore point.

In February, US and UK intelligence communities reported the emergence of new malicious software called Cyclops Blink. The virus, which was first used against WatchGuard Firebox network security devices, is thought to have been developed by Sandworm, a group of hackers said to be especially close to the Russian leadership. Consulting firm Mandiant has identified Cyclops Blink as software that may trump all others.

Digital bombing

US authorities have a fairly extensive list of claims against Russia when it comes to projecting cyber threats. One of the biggest episodes in recent years was the spread of the NotPetya virus in 2017 which hit Ukraine first and then a wider range of other countries. Initially, it was thought that the malware had been designed for extortion, but later it turned out that its functionality was much broader and more dangerous: it cleared the hard drive of the computer, leaving no chance for data recovery.

At the beginning of military operations in Ukraine, when three strains of the Wiper malware simultaneously attacked local infrastructure, it became clear who had launched the attacks. The virus deleted user information and data from drives connected to the infection source.

The first strain, called HermeticWiper, was detected on February 23, that is, one day before the start of the full-scale attacks initiated by Russia. Here the masterminds of the sabotage were ahead of the game.

The desire to anticipate the actions of an opponent in the cybersphere may date back to the days of former US President Barack Obama. After the Kremlin allegedly authorised the scandalous infiltration of the US Democratic Party's National Committee mail server for theft of confidential emails, the White House responded in the strongest possible terms, allegedly giving the green light to place some kind of cyberweapons inside Russian infrastructure in 2016, "the digital equivalent of bombs" that could detonate at any moment, the Washington Post wrote.

The decision, which, according to the disclosures, was made after a long brainstorming session at the inter-agency level, left the impression that the US executive branch and intelligence agencies would potentially act against Russia in cyberspace based on the notorious pre-emptive defence principle. It should be noted that despite the friction between Moscow and Washington over the years, the semi-mythical "digital bombs" have never been used.

Hot stage of the conflict

The US supervision agency, the so-called Cyberspace Commission, was formed in 2019 as a result of a bipartisan consensus to develop a unified strategic approach to cyber security. But in its latest study, the agency reported that a lack of political will has slowed down the commission, and that even some of its very modest recommendations required a major emergency to occur.

Former National Security Agency and Central Security Service advisor Glenn Gerstell explained that the US government cannot withstand hacker attacks because of the decentralised nature of its strategy in the cybersphere. According to his estimates, government agencies are only digitally regulating those sectors that are within their sphere of responsibility, which is an ineffective way to solve a problem that, by and large, could cripple the national economy.

Therefore, it is easy to conclude that those companies and institutions that are most at risk against the backdrop of recent events are now effectively left to their own devices.

According to Dmitri Alperovitch, chairman of the analytical company Silverado Policy Accelerator, after the US has exhausted all possibilities of economic sanctions against the Kremlin, it will have no other option but to take offensive actions in the cybersphere. But it is the scenario of "digital retaliation," according to the expert, that puts Moscow and Washington on the path to such a conflict, which can quickly escalate into a hot phase. And as evidenced by recent statements by US authorities, this is something the White House would like to avoid.

So, the Biden administration may have no choice but to get defensive or try to recall the "digital bombs" that, if Washington Post reporters are to be believed, have been ticking away somewhere in the depths of Russia's infrastructure since Barack Obama’s government.
