Russia Warns of Military Action If US Attacks InfrastructureRussian Foreign Ministry Says Aggressive Actions in Cyberspace Won’t Go Unanswered
Russia’s top cyber diplomat warned of retaliation for cyberattacks launched in the wake of Moscow’s invasion of Ukraine, vowing his country "will not leave aggressive actions unanswered."
Comments from Andrei Krutskikh, posted to Russia’s Foreign Ministry website, came days after the Russian government urged the United States to desist from additional cyberspace incursions. U.S. Cyber Command Army Gen. Paul Nakasone, earlier this month revealed that the U.S. has conducted a "full spectrum" set of cyber operations to support Ukraine.
Russia’s IT security teams are contending with a record number of cyber incidents amid an upwelling of international support for Ukraine, including civilian hackers acting at their own behest.
"Rest assured, Russia will not leave unanswered aggressive actions. How and where - you will find out after the fact. All our steps will be measured, targeted, in accordance with our legislation and international law," says Krutskikh in remarks translated from the original Russian.
Cyber experts tell Information Security Media Group there’s a limit to Russia’s ability to follow through on Krutskikh's warnings.
"If Russia wants to escalate into kinetic warfare, it looks as though that would simply lead to another strategic setback for them," says Alan Calder, CEO of GRC International Group, a cybersecurity practitioner that is closely tracking Russia's war in Ukraine.
"Russia doesn't currently have the military resource to wage war on two fronts - frankly, it is struggling in Ukraine, anyway," he adds.
The conflict has already sapped Russia's cyber reserves, says Sam Curry, visiting fellow at the George Mason University's National Security Institute. The real question, he says, is how deep the country's reserves run and how quickly it can generate new hacking tools.
"Russia has produced dozens of new wipers, for instance, in the last few months. But how innovative are they? How is each successive piece of malware more or less effective than what has come before? Russia has cyber reserves, but the cyber arsenal's size is the big question now," says Curry, who is also CSO at security firm Cybereason.
Not the First Such Warning
On June 6, in an interview with Russian newspaper Kommersant, Krutskikh accused the U.S. of using Ukraine to carry out cyberattacks against Russia.
"State institutions, critical and social infrastructure facilities, storage of personal data of our citizens and foreigners living in Russia are being hit. Officials in the United States and Ukraine are taking responsibility for the sabotage," Krutskikh told the Russian broadsheet.
"They do not seem to fully realize how dangerous aggressiveness and encouragement of gangsterism is in the field of information security," he added.
The U.S. has conducted offensive cyber activities in support of Ukraine, Nakasone told Sky News on June 1.
Nakasone said that the U.S. has "conducted a series of operations across the full spectrum: offensive, defensive, [and] information operations." Those include "hunt forward" operations, an American military term for the deployment of U.S. cyber teams in foreign countries.
International hacking collective Anonymous, which has publicly backed Ukraine, took responsibility in March for a hack of the German subsidiary of Russian energy company Rosneft. The group reportedly stole more than 20 terabytes of data. While the hack did not affect any business operations, some of Rosneft's systems and various processes were affected, Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, told ISMG at the time (see: Anonymous Reportedly Hacked Russian Energy Firm Rosneft).
Later that month, hackers may have breached infrastructure belonging to Russia's Federal Air Transport Agency, or Rosaviatsiya, possibly wiping out 65 terabytes of data (see: Hackers Target Russian Federal Air Transport Agency).
Russian Deputy Foreign Minister Oleg Syromolotov in May told Russian state-run news agency Tass that domestic corporations are secure and protected from foreign cyberattacks.
"Over the years of the anti-Russian sanctions and against the background of continued cyberattacks, we have created an information security system of our own. All kinds of unlawful action we have witnessed in the information space are well known to our experts, while Russian software has been rolled out almost in every anti-attack system," Syromolotov told Tass.