U.S. intelligence analysts have determined that Moscow would consider^[1] a cyberattack^[2] against the U.S. as the Ukraine crisis grows^[3].

As a scholar^[4] of Russian cyber operations^[5], I know the Kremlin has the capacity to damage critical U.S. infrastructure systems.

Federal officials have been bracing for this. In January 2022 the U.S. Cybersecurity and Infrastructure Security Agency issued an alert^[6] that outlined the Russian cyberattack threat, with technical details of sophisticated Russian-led hacking from recent years. That included a complicated digital break-in^[7] that targeted the U.S. energy industry and gained access to the control rooms of U.S. electric utilities. According to Homeland Security officials, the hackers “could have thrown switches^[8]” and knocked out power to the public – but did not.

In mid-February 2022, federal cybersecurity experts met with executives from big U.S. banks^[9] to discuss defenses against Russian hacking attempts.

In Ukraine, the Russian offensive began Feb. 23, 2022, with cyberattacks aimed at overloading and shutting down bank and government websites^[10]. In addition there were reports of software capable of corrupting data^[11] having been secretly installed on hundreds of computers owned by large Ukrainian organizations in the financial, defense and information technology services industries^[12].

That malicious software spilled outside Ukraine – it was found on computers in Lithuania and Latvia – which is reminiscent of the NotPetya^[13] attack. In 2017, a piece of malware that initially seemed to be ransomware was unleashed on Ukraine and spread widely, causing more than $10 billion in collateral damage^[14] to major international companies. The NotPetya attack was ultimately attributed to a Russian military unit^[15].

U.S. officials have also highlighted that Russian cyberwarriors can gain access and remain undetected for long periods^[16] in key systems in the U.S.

Russian Foreign Intelligence Service^[17] hackers did this in 2020 when they gained access to SolarWinds software, used by many companies and government agencies to manage their computer networks^[18]. After initially breaking into the system, the Russians stayed undetected for seven months, even disabling^[19] antivirus software and using stolen login credentials^[20] to appear like legitimate users.

This attack gave Russians access inside at least nine U.S. federal agencies^[21] and around 100 private companies, many in information technology and cybersecurity.

It’s impossible to be certain^[22] there aren’t more Russian government hackers lurking undetected in critical companies and systems in the U.S. And wherever they are, they may have the ability to cause substantial damage.

[Get The Conversation’s most important politics headlines, in our Politics Weekly newsletter^[23].]

References

1. ^{^} would consider (news.yahoo.com)
2. ^{^} a cyberattack (theconversation.com)
3. ^{^} Ukraine crisis grows (www.wsj.com)
4. ^{^} scholar (scholar.google.com)
5. ^{^} Russian cyber operations (press.georgetown.edu)
6. ^{^} an alert (www.cisa.gov)
7. ^{^} complicated digital break-in (www.cisa.gov)
8. ^{^} could have thrown switches (www.wsj.com)
9. ^{^} big U.S. banks (www.cnn.com)
10. ^{^} bank and government websites (www.cnn.com)
11. ^{^} software capable of corrupting data (www.scmagazine.com)
12. ^{^} financial, defense and information technology services industries (symantec-enterprise-blogs.security.com)
13. ^{^} NotPetya (www.cbsnews.com)
14. ^{^} more than $10 billion in collateral damage (www.wired.com)
15. ^{^} Russian military unit (www.justice.gov)
16. ^{^} gain access and remain undetected for long periods (www.cisa.gov)
17. ^{^} Foreign Intelligence Service (home.treasury.gov)
18. ^{^} manage their computer networks (www.rpc.senate.gov)
19. ^{^} disabling (www.mandiant.com)
20. ^{^} stolen login credentials (www.mandiant.com)
21. ^{^} nine U.S. federal agencies (www.whitehouse.gov)
22. ^{^} impossible to be certain (theconversation.com)
23. ^{^} Get The Conversation’s most important politics headlines, in our Politics Weekly newsletter (memberservices.theconversation.com)