Grant Gross | Washingtonexaminer.com »
The German subsidiary of the Russian energy company Rosneft reported a cyberattack in mid-March, raising fears of a behind-the-scenes hacking war related to Russia’s invasion of Ukraine.
The cyberattack, reported in the German publication Die Welt, was called significant, although it didn’t appear to affect its business operations substantially.
However, with destructive cyberattacks already targeting Ukrainian organizations, attacks against Russian targets may follow. Hacktivist collective Anonymous has threatened cyberattacks against Russian organizations in response to the Ukrainian invasion, and some cybersecurity professionals suspected Anonymous of the Rosneft attack.
Anonymous’s Twitter account has been tracking Russian government websites taken offline, apparently due to cyberattacks. “Anonymous is hacking Russian servers and crushing Russian government websites,” the group tweeted on March 16 .
Gurucul has seen increased cyberattacks against Russian organizations in recent weeks, said Saryu Nayyar, the CEO and founder of the cybersecurity firm.
Gurucul’s research, combined with data from other organizations, shows “an alignment with Anonymous’s claims and timeline and attack activities in Russia,” she told the Washington Examiner. “While some claims are certainly false and it is sometimes hard to validate, it appears to be a strong match that validates that Anonymous is active and has success at disrupting operations, wiping … sensitive data, and other types of attacks.”
Anonymous’s style of hacktivism has always been controversial, with some people thinking of it as activism and some thinking of it as vigilantism, she noted. “Certainly, Anonymous actions are mostly applauded by most people due to the negative response to Russian aggression, but activism or worse is very subjective,” she said.
Nayyar expects the attacks from both sides to ramp up as the war in Ukraine continues. Some undetected attacks may already be underway, she said.
“There are questions as to whether Russia has fully engaged in their cyberwarfare efforts or if they are holding back either intentionally or underestimating the defenses of the Ukrainian government, who are strong cybersecurity experts themselves,” she added.
Ron Bradley, vice president at cybersecurity membership organization Shared Assessments , said Anonymous is a major threat to Russia.
“You don’t want to be on the receiving end of their wrath,” he told the Washington Examiner. “The internet and digital media … is a double-edged sword, which Russia will feel both sides of. Russia is a master at state-sponsored hacktivities, but they are not immune to attacks against them or their downstream support partners.”
He added that the reported cyberattacks blamed on or claimed by Anonymous are “just the tip of the iceberg” compared to the group’s capabilities. “All countries should be on the highest possible alert because things will most certainly get worse before they get better.”
Many more cyberattacks related to the conflict in Ukraine are likely, added Karim Hijazi, CEO of cyber intelligence firm Prevailion .
“What concerns me about this is the potential for escalation,” he told the Washington Examiner. “It is the Wild West right now in cyberspace with no rules, no clear government roles, just a free-for-all for anyone who wants to join the fight digitally. Both Russia and the West also appear to be giving these groups room to operate.”
While many people may be cheering on anti-Russia hacking groups right now, there are a lot of downsides from this type of hacktivism, he added.
“Russia is conducting such a brutal campaign in Ukraine, a war that was totally unprovoked, and the Ukrainians deserve every ounce of support they can get,” he said. “However, we also need to be cognizant of the risks we’re facing with this because it’s a bit like opening Pandora’s box.”
Hacktivists may not have comprehensive intelligence about their targets, and he noted that Russia could view cyberattacks as offensive cyberwar operations.
“Russia may not have the means to differentiate an attack on their surveillance and countersurveillance systems as originating from a rogue group or a nation-state actor like the U.S.,” he added. “This could draw us into a larger conflict that we never had the intention to start.”
Cyberattack on Russian Energy Company