Date: 2022-03-28

The Biden administration claims that a full-scale Russian cyberattack on US infrastructure is underway as the Kremlin's response to the sweeping sanctions imposed on it over the Ukraine attack.

In his last speech, President Biden accused Russia of preparing to use "harsher tactics" to attack and jeopardise the functioning of US strategic infrastructure and thus create "unpleasant economic consequences" for Washington.

The advice that White House officials have been giving in recent days to companies and institutions in particularly vulnerable sectors suggests that Washington is preparing for both attempts to steal sensitive data and a wave of ransomware, often attributed to pro-Russian hacker groups.

According to Chainalysis, a Washington DC-based blockchain service provider which also conducts research for governments, since 2021 about 74 percent of all the funds that were transferred as "digital" ransom payments have gone into the pockets of hackers allegedly linked to the Russian Federation.

The escalation scenario in the cybersphere was calculated by experts close to the US government at the earliest stage of the current hostilities in Ukraine. US banking structures and defence companies could be targeted, according to local officials. Infrastructure is another sore point.

In February, US and UK intelligence communities reported the emergence of new malicious software called Cyclops Blink. The virus, which was first used against WatchGuard Firebox network security devices, is thought to have been developed by Sandworm, a group of hackers said to be especially close to the Russian leadership. Consulting firm Mandiant has identified Cyclops Blink as software that may trump all others.

Digital bombing

US authorities have a fairly extensive list of claims against Russia when it comes to projecting cyber threats. One of the biggest episodes in recent years was the spread of the NotPetya virus in 2017, which hit Ukraine first and then a wider range of other countries. Initially, it was thought that the malware had been designed for extortion, but later it turned out that its functionality was much broader and more dangerous: it cleared the hard drive of the computer, leaving no chance for data recovery.

At the beginning of military operations in Ukraine, when three strains of the Wiper malware simultaneously attacked local infrastructure, it became clear who had launched the attacks. The virus deleted user information and data from drives connected to the infection source.