For more than a decade, U.S. cybersecurity experts have warned about Russian hacking that increasingly uses the labor power of financially motivated criminal gangs to achieve political goals, such as strategically leaking campaign emails.
Prolific ransomware groups in the last year and a half have shut down pandemic-battered hospitals, the key fuel conduit Colonial Pipeline and schools; published sensitive documents from corporate victims; and, in one case, pledged to step up attacks on American infrastructure if Russian technology was hobbled in retribution for the invasion of Ukraine.
Yet the third month of war finds Russia, not the United States, struggling under an unprecedented hacking wave that entwines government activity, political voluntarism and criminal action.
Digital assailants have plundered the country’s personal financial data, defaced websites and handed decades of government emails to anti-secrecy activists abroad. One recent survey showed more passwords and other sensitive data from Russia were dumped onto the open Web in March than information from any other country.
The published documents include a cache from a regional office of media regulator Roskomnadzor that revealed the topics its analysts were most concerned about on social media — including antimilitarism and drug legalization — and that it was filing reports to the FSB federal intelligence service, which has been arresting some who complain about government policies.
A separate hoard from VGTRK, or All-Russia State Television and Radio Broadcasting Co., exposed 20 years of emails from the state-owned media chain and is “a big one” in expected impact, said a researcher at cybersecurity firm Recorded Future who spoke on the condition of anonymity to discuss his work on dangerous hacking circles.
The broadcasting cache and some of the other notable spoils were obtained by a small hacktivist group formed as the war began looking inevitable, called Network Battalion 65.
“Federation government: your lack of honor and blatant war crimes have earned you a special prize,” read one note left on a victim’s network. “This bank is hacked, ransomed and soon to have sensitive data dumped on the Internet.”
In its first in-depth interview, the group told The Washington Post via encrypted chat that it gets no direction or assistance from government officials in Ukraine or elsewhere.
“We pay for our own infrastructure and dedicate our time outside of jobs and familial obligations to this,” an unnamed spokesperson said in English. “We ask nothing in return. It’s just the right thing to do.”
Christopher Painter, formerly the top U.S. diplomat on cyber issues, said the surge in such activity risked escalation and interference with covert government operations. But so far, it appears to be helping U.S. goals in Russia.
“Are the targets worthy? Yes,” Painter said. “It’s an interesting trend that they are now being the target of all this.”
Painter warned that Russia still has offensive capabilities, and U.S. officials have urged organizations to prepare for an expected Russian cyber-assault, perhaps being held back for deployment at a moment of maximum leverage.
But perhaps the most important victim of the wave of attacks has been the myth of Russian cyber-superiority, which for decades helped scare hackers in other countries — as well as criminals within its borders — away from targeting a nation with such a formidable operation.
“The sense that Russia is off-limits has somewhat expired, and hacktivism is one of the most accessible forms of striking at an unjust regime or its supporting infrastructure,” said Emma Best, co-founder of Distributed Denial of Secrets, which validated and published the regulator and broadcast troves, among others.