Dive Brief
- U.S. authorities are tracking a surprisingly limited number of cyberattacks in Ukraine but remain wary of ransomware threat actors or potential spillover cyberattacks, according to testimony Tuesday from top national security and law enforcement officials before the House Intelligence Committee.
- The Russians have conducted three or four cyberattacks in Ukraine that U.S. officials are closely tracking, said Gen. Paul Nakasone, commander of U.S. Cyber Command and director of the National Security Agency, in response to questions from Rep. Jackie Speier, D-CA.
- "In terms of why they haven't done more, obviously that's some of the work the Ukrainians have done, some of the challenges that the Russians have encountered and some of the work that others have been able to prevent their actions," Nakasone said. "It has not been what we would anticipate when we went into this several weeks ago."
Dive Insight:
FBI Director Christopher Wray referenced concerns about the Conti ransomware group, which publicly pledged support for Russia's invasion of Ukraine. He also cited the 2017 NotPetya attacks as an example of malicious cyber activity that was targeted at one country but spread rapidly against companies in other nations.
The testimony was part of an annual global threat assessment provided to the House committee by top national security officials. The Russian invasion of Ukraine, which began in late February, took center stage in terms of the threat of the U.S. getting dragged into a wider war and the potential cyber threat posed by Russian state actors and criminal actors linked to the country.
Federal authorities warned for months about the risk of Russia using cyber as a means of hybrid warfare against Ukraine or more directly targeting U.S. or allied targets. Threat actors could use cyber as an asymmetric method to retaliate against NATO without using direct military means.
Security researchers have identified HermeticWiper, a form of malware that can quickly erase all data from a computer system, as well as a botnet called Cyclops Blink. However, the level of malicious cyber activity is nowhere close to the threat warnings previously issued by federal officials.
President Joe Biden previously warned Russia that any attack against the U.S. or a NATO ally would meet a response. He emphasized the U.S. has robust cyber capabilities of its own and would retaliate against Russia if a direct attack was launched.
Wray urged companies to share whatever information they might have about ransomware or other malicious cyber activity.
"No one believes more in the importance of private sector reporting of cyberthreat information than I do," Wray said. "It's important that that information flow in real time."
Controversy has erupted over legislation winding through the Senate that would mandate that companies report threat information to the Cybersecurity and Infrastructure Security Agency, but doesn't mandate reporting to the FBI.
Wray wants to make sure the FBI receives the information in real time, that companies have protection from liability for what they tell agents and that any cyber intelligence shared with federal authorities does not languish inside bureaucracy in Washington, D.C. Wray noted that he wants CISA to also receive threat intelligence, but wants to make sure there is no delay in what the FBI sees.
Wray said agents are active in the field and can respond within an hour to an attack. He noted the FBI has recently worked with several organizations to mitigate cyberattacks, including a major healthcare facility that was attacked. He said the FBI was able to prevent the attack from spreading over into patient care.