With more than 100,000 Russian troops poised at the Ukrainian border, the Department of Homeland Security is warning that Russia could conduct a cyberattack against the United States if it feels threatened by further actions the U.S. takes in response to a possible Russian invasion of Ukraine.
According to a DHS Intelligence and Analysis bulletin sent to law enforcement partners nationwide, the U.S. government assesses that Russia would consider a cyberattack if “a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security.”
“Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials of service to destructive attacks targeting critical infrastructure,” the bulletin issued Sunday and obtained by CBS News, continued.
The advisory follows theto Ukraine’s military in an effort to shore up its defenses.
Last week, the Biden administration approved a proposal by NATO members Estonia, Lithuania and Latvia to send Javelin anti-tank weapons and Stinger air-defense systems to Ukrainian forces, as well as the transfer of light anti-tank weapons from the United Kingdom.
DHS Secretary Alejandro Mayorkas told CBS News Thursday, “it’s very difficult to calibrate the likelihood” of a cyberattack launched by the Russian government or its proxies in response to American support to Ukraine. But the secretary conceded the U.S. is currently on “heightened alert by reason of the geopolitical landscape.”
“When the specter of harm arises, we call for vigilance. And quite frankly, in the cybersecurity arena, ever-present vigilance is what we call for,” Mayorkas added.
DHS indicated in its assessment that “Russia’s threshold for conducting disruptive or destructive cyber attacks in the Homeland probably remains very high.” Officials “have not observed Moscow directly employ these types of cyber attacks against US critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past.”
In 2021, Russian-linked cyber gangs launched two devastating cyberattacks on the United States. Cybercriminals targeted the computer networks of Colonial Pipeline, America’s largest fuel pipeline operator, responsible for delivering 45% of fuel along the East Coast and forced the shutdown, in April. Weeks later, — the world’s largest meat processing company – forced the company to halt cattle-slaughtering operations at 13 of its plants.
The U.S. has also blamed the Russian Foreign Intelligence Service (SVR) for the 2020 SolarWinds breach. The sophisticated spy campaign infiltrated more than 18,000 government and private computer networks and ultimately targeted nine federal agencies and scores of U.S. companies.
Last week, the Cybersecurity and Infrastructure Security Agency known as “CISA” issued a memo urging leaders and network defenders to be on alert for malicious cyber activity after Ukrainian government servers were hit by an overnight defacement campaign.
The digital sabotage forced government websites to be taken down, including the homepage for the Foreign Ministry, which temporarily displayed a message warning Ukraine’s people to “be afraid and expect the worst.” Ukrainian officials pointed the finger at Russia for another cyber outage.
In 2016, Russian cybercriminals, causing nearly a quarter of a million people to lose power in the Ivano-Frankivsk region.
In a sign of the U.S.’ growing concern, both the DHS intelligence bulletin and the CISA memo followed a joint intelligence advisory from CISA, the FBI and NSA issued earlier this month, informing U.S. organizations of “Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.”
“As we push towards a conflict and we escalate, [cyber attacks] are more likely to be used by Russia that allows them to be aggressive, without escalating to a full out war,” John Hultquist, vice president of analysis at Mandiant Threat Intelligence, briefed reporters, last week.
“Russia is a full spectrum player,” Hultquist added. “They send teams out physically, they hijack supply chains, they do information operations, they carry out cyber attack and cyber espionage. Thinking about their operations, they’re very comfortable within the limitations of cyber.”