The United States says it has secretly removed malware around the world to prevent Russian cyberattacks

WASHINGTON – The United States said Wednesday that it has secretly removed malware from computer networks around the world in recent weeks in a step to prevent Russian cyberattacks and send a message to Russian President Vladimir Putin.

The move, made public by Attorney General Merrick B. Garland, comes as U.S. officials warn that Russia could try to strike at America’s critical infrastructure – including financial companies, pipelines and the power grid – in response to the devastating sanctions imposed on Moscow by the United States because of the war in Ukraine.

The malware allowed the Russians to create “botnets” – networks of private computers that are infected with malware and controlled by the GRU, the intelligence unit of the Russian army. But it is not clear what the malware is intended for, as it can be used for everything from surveillance to destructive attacks.

A U.S. official said Wednesday that the United States does not want to wait to find out. Armed with secret court orders in the United States and the help of governments around the world, the Department of Justice and the FBI disconnected the networks from the GRU’s own controllers.

“Fortunately, we managed to break this botnet before it could be used,” Mr Garland said.

Court orders allow the FBI to enter internal corporate networks and remove malware, sometimes without the company’s knowledge.

President Biden has repeatedly said he will not put the US military in direct conflict with the Russian military, a situation he believes could lead to World War III. He therefore refused to use the US Air Force to create a no-fly zone over Ukraine or to allow the transfer of fighter jets to Ukraine from NATO air bases.

But his hesitation does not seem to extend to cyberspace. The operation, which was unveiled on Wednesday, showed a willingness to disarm the Russian military’s main intelligence unit by removing it from computer networks in the United States and around the world. It is also the latest effort by the Biden administration to thwart Russian actions by making them public before Moscow can strike.

Although the United States is working to prevent Russian attacks, some U.S. officials fear that Putin may be biding his time before launching a major cyber operation that could hit the U.S. economy.

So far, US officials say, major Russian cyber operations have been targeted at Ukraine, including wiper malware designed to cripple Ukrainian government services and an attack on a European satellite system called Viasat. The details of the satellite attack, one of the first of its kind, are of particular importance to the Pentagon and US intelligence agencies, who fear it may have revealed vulnerabilities in critical communications systems that Russians and others could exploit.

The Biden administration has instructed critical infrastructure companies in the United States to prepare to repel Russian cyberattacks, and British intelligence officials have reiterated these warnings. And while Russian hackers sometimes prefer to quietly hack into networks and gather information, researchers say recent malware activity in Ukraine demonstrates Russia’s growing willingness to do digital damage.

“They are involved in cyber warfare there, which is quite intense but targeted,” said Tom Burt, Microsoft’s chief executive, who oversees the company’s efforts to counter major cyber attacks and to stop attacks in Ukraine during the war.

Security experts suspect that Russia may be responsible for other cyber attacks since the start of the war, including against Ukrainian communications services, although investigations into some of these attacks are ongoing.

In January, as US diplomats prepared to meet with Russian counterparts in an attempt to avoid a military conflict in Ukraine, Russian hackers were already putting the finishing touches on new destructive malware.

The code is designed to erase data and make computer systems inoperable. The malware then left a note for the victims, mocking them for losing information. Before US and Russian officials met for a final attempt at diplomacy, hackers had already begun using the malware to attack Ukraine’s critical infrastructure, including government agencies responsible for food security, finance and law enforcement.

Adam Myers, a senior vice president of intelligence at CrowdStrike, who analyzed the malware used in the January attacks and linked the group to Russia, said the group aimed to cause damage and to further Russian military objectives.

“This is a relatively new group, apparently specifically designed with destructive power in mind,” Mr Myers said. “Its emergence is a progression of the ongoing search by Russian forces for cyber-operational support.”

Another attack took place on February 24, the day Russia invaded Ukraine, when hackers knocked Viasat offline. The attack flooded modems with malicious traffic and disrupted Internet services for several thousand people in Ukraine and tens of thousands of other customers across Europe, Viasat said in a statement. The attack also spread to Germany, disrupting wind turbines there.

Viasat said the hack remained under investigation by law enforcement, US and international government officials, and Mandiant, a cybersecurity firm hired to investigate, but did not attribute the attack to Russia or another state-backed group.

But senior US officials said all the evidence suggested that Russia was responsible, and security researchers at SentinelOne said the malware used in the Viasat attack was similar to the code associated with the GRU. The United States has not officially named Russia as the source of the attack, but is expected to do so as soon as several allies join the analysis.

In late March, a cyber attack again disrupted communications services in Ukraine. This time, the attack focused on Ukrtelecom, a provider of telephone and Internet services, taking the company’s services offline for several hours. The attack was “a continuing and growing disruption of national services, the worst since Russia’s invasion,” according to NetBlocks, a group that monitors Internet outages.

Ukrainian authorities believe that Russia is most likely responsible for the attack, which has not yet been traced to a specific hacker group.

“Russia was interested in cutting off communication between the armed forces, between our troops, and this was partly successful at the very beginning of the war,” said Viktor Zhora, a senior official at Ukraine’s cybersecurity agency, the State Special Communications and Information Protection Service. Ukrainian authorities have said Russia is also behind attempts to spread misinformation about capitulation.

In the United States, officials fear that such cyberattacks could affect critical infrastructure companies. Some executives said they hoped the federal government would offer funding for cybersecurity.

“I am fully aware that if Russia, as a nation state, decides it wants to attack US national infrastructure, including what I am responsible for, I have little chance of stopping them,” said Peter Fletcher, the information security officer for a water company in San Jose, which is part of a group that manages water services in several states. “The whole Russian nation-state against Peter? I will lose.”

Mr Fletcher said he was prepared, but that smaller water companies than his were often struggling to meet cybersecurity requirements. Many rely on outdated water pumping and purification technology, which could make them attractive hacking targets, he said.

Community Electric Cooperative, a utility provider that serves about 12,000 customers in Virginia, estimates it needs $50,000 to upgrade cybersecurity systems. The company has already trained its employees on how to detect cyber attacks and tested its systems, but officials said the cooperative hopes to do even more in preparing for a potential cyber attack from Russia.

“If we don’t have the means to prevent these things and we’re the network, it can be pretty disastrous,” said Jessica Parr, communications director at Community Electric Cooperative.

Despite the challenges, critical infrastructure providers said they are used to dealing with disasters. “We deal with hurricanes and ice storms all year round,” Ms. Parr said. “It’s just a different type of storm.”

Zach Montague contributed to the reporting.