US intelligence: Russian government hackers have likely penetrated critical Ukrainian computer systems

The U.S. government has determined that Russia could undertake disruptive cyber-activity against Ukraine. Picture: REUTERS/Kacper Pempel/Files

Published Feb 16, 2022

Russian government hackers have likely broadly penetrated Ukrainian military, energy and other critical computer networks to collect intelligence and position themselves potentially to disrupt those systems should Russia launch a military assault on Ukraine, according to newly declassified US intelligence.

Moscow could seek to disrupt Ukrainian entities that provide critical services such as electricity, transportation, finance and telecommunications — either to support military operations or to sow panic in an attempt to destabilize the country, according to a senior administration official who described the intelligence.

The US government has determined only that Russia could undertake disruptive cyber-activity, not that it will, said the official, who like several others spoke on the condition of anonymity because of the matter's sensitivity.

"We don't know that they have intention to do so," the official said. "But we have been working with Ukraine to strengthen their cyber defenses."

A Kremlin spokesman did not respond to a request for comment.

On Tuesday, the Ukrainian government's Center for Strategic Communications and Information Security said that PrivatBank, the nation's largest commercial bank, was hit with a denial-of-service attack that temporarily interfered with customers' online banking transactions. Service was restored within hours, the government said.

The websites of Ukraine's Defence Ministry and armed forces were also disrupted, the agency said. It did not say who was behind the attacks.

Should the conflict with Ukraine escalate, officials fear there could be broader cyberattacks in retaliation for Western sanctions or other moves to support Ukraine.

The concern is so great that on Friday the White House's deputy national security adviser for cyber, Anne Neuberger, ran a tabletop exercise to ensure that federal agencies were prepared for Russian cyber-assaults that might take place in an escalating conflict with Moscow.

Such events could include a cyberattack against Ukraine, an attack against a Nato member or ransomware. "We wanted to prepare for every scenario," the official said.

President Biden on Tuesday said that "if Russia attacks the United States or our allies through disruptive cyberattacks against our companies or critical infrastructure, we are prepared to respond."

Hackers working for Russia's Federal Security Service, or FSB, and its military spy agency, the GRU, have been spotted inside Ukraine's systems, according to a second US official and another person familiar with the matter.

The US government also has been warning critical industries in the United States to ensure their systems are as hardened as possible against cyberattacks as Russia could seek to disrupt electricity, gas and other systems.

The Russians have in the past infiltrated the control systems of some American electric utilities, though no disruptions resulted.

Moscow has grown increasingly aggressive in cyberspace over the past decade, carrying out not only massive compromises of unclassified US government email systems and interfering in the 2016 US presidential election but also knocking out power temporarily in parts of Ukraine in December 2015 and then again in December 2016 in Kyiv, the Ukrainian capital.

Those attacks took place amid an escalating geopolitical confrontation between Ukraine — which was leaning toward the West — and Russia, which sought to pull the country back into its sphere of influence.

In 2014, Russia invaded and annexed Crimea and then fueled a separatist conflict in eastern Ukraine, which continues.

Cyberattacks are a key weapon in Russia's larger effort to destabilize Ukrainian society, according to U.S. officials and analysts. Besides temporarily blacking out parts of Ukraine several years ago, Russian hackers also unleashed a computer virus in 2017 against Ukrainian government ministries, banks and energy companies.

The malware, dubbed NotPetya, wiped data from computers and crippled services. It also spread beyond Ukraine, which officials say probably was not the Russians' intention, causing billions of dollars in damage globally.

"There's no doubt in my mind that Russia sees cyber as playing a significant role in its attempts to coerce and destabilize Ukraine," said a senior Western intelligence official.

"Cyber has been a central part of Russia's military buildup. The challenge that the Ukrainians have is that the level of cyber-activity that's conducted against them day-to-day is already very high and the level of cyber-activity that's conducted against Ukraine is so much higher than any other nation would deal with and frankly would tolerate."

Russian hackers have designed malware expressly for use against Ukrainian computers.

That has made it a challenge for the country's cyber defenders, and though they are more capable than they were eight years ago, they still struggle against Russian expertise, according to Western officials.

The Washington Post
