2024/10/04 13:09:31

Cyber war of Russia and the United States

For decades, the US has waged cyber warfare against Russia. Russia is forced to defend itself.


Cyber Warfare Regulation

A hint of software into which Russian hackers have infiltrated. But what an image! And Russia - poured Pushkin

Main article: Cyber wars

Since 2011, Russia has been making efforts to agree documents at the UN on the management of conflicts in cyberspace.

2024

US Department of Justice seized 41 Internet domains for "communication with Russian intelligence agents"

On October 3, 2024, the US Department of Justice announced the issuance of a warrant for the seizure of 41 internet domains, which are allegedly used by "Russian intelligence agents and their proxies" to commit computer fraud and abuse in the United States. The US department claims that the domains were used by members of the Callisto Group cyber group, allegedly associated with the FSB of Russia.

The US Department of Justice said in a statement that Callisto Group hackers used the seized domains as part of a complex phishing campaign aimed at gaining unauthorized access and stealing information from computers and email accounts of the American government and other organizations. The targets of the attacks were allegedly US-based companies, former employees of the US intelligence community, former and current employees of the Department of Defense and the State Department, American military contractors and employees of the country's Department of Energy.

"The seizure of 41 Internet domains reflects the cyber strategy of the Department of Justice in action - using all available tools to counter cyberspace attackers," said US Deputy Attorney General Lisa Monaco.

It is also noted that the Department of Justice acted in parallel with Microsoft Corporation, which filed a civil lawsuit to seize 66 Internet domains allegedly associated with Callisto Group. Microsoft Threat Intelligence tracks this group as Star Blizzard (formerly Seaborgium). It is alleged that between January 2023 and August 2024, Star Blizzard attacked more than 30 persons and civil society organizations - journalists, think tanks and various non-governmental structures.[1]

The United States attracted American IT companies to participate in the information war against Russia

On September 5, 2024, a meeting was held at the White House with the participation of representatives of Amazon, Google (part of the Alphabet holding), Microsoft, Cloudflare and civil society activists. These technology corporations are involved in improving US government-funded tools to bypass Internet blocking. This concerns, in particular, increasing the bandwidth of VPN systems.

The initiative aims to improve the tools of the Open Technology Fund (OTF), sponsored by the US government. It is alleged that such solutions "have become widespread in Russia, Iran, Myanmar and authoritarian states that censor the Internet." The U.S. increased funding for OTF-backed VPNs after the start of the special military operation in 2022. The organization has since received support from the U.S. State Department for the Surge and Sustain Fund for Anti-Censorship Technology program.

White House Building in the United States

OTF notes that VPN services are rapidly gaining popularity. If earlier the fund supported about 9 million VPN users per month, then by September 2024 this number had more than quadrupled. At the same time, a significant part of the fund's budget is spent on paying for hosting and supporting huge volumes of traffic on the servers of private companies.

"Over the past few years, we have seen an explosive increase in demand for VPNs, mainly due to users from Russia and Iran. We want to support new users, but we do not have the resources to cope with the growing demand," says OTF President Laura Cunningham.

Representatives of Amazon Web Services, Google and Microsoft as of September 10, 2024 do not comment on the situation in any way. In turn, Cloudflare announced a collaboration with researchers to "more closely monitor blockages and censorship."[2]

US indicts six Russians for cyber attacks on NATO

In September 2024, the US Department of Justice charged six Russians with cyber attacks on NATO. They are charged with conspiracy to commit computer hacking and electronic fraud. The list of accused included: More details here

A US government-linked company has developed software to track the location of country leaders

At the end of February 2024, it became known that PlanetRisk, a small American company associated with the US authorities and special services, developed a specialized program that makes it possible to track the location of certain persons, including country leaders. The software was named Locomotive. More details here.

2023

The United States imposed sanctions on Russians on charges of cyber attacks. List

On September 7, 2023, the US Treasury Department announced the inclusion of 11 Russians on the sanctions list related to cybercrime. The updated list includes:

  • Andrei Zhuikov (Niki Dif and Defender) - according to the United States, was the central actor in the group and served as senior administrator;
  • Maxim Galochkin (Bentley, Crypt and Volhvb) - named head of the group of testers responsible for the development and implementation of tests;
  • Maxim Rudensky - the USA considers him a key member of Trickbot and the head of the programming team;
  • Mikhail Tsarev (Alexander Grachev, Mikhail Ivanov, MANGO, MISHA KRUTYSHA, SUPER MISHA) - named in the message as the group manager and responsible for accounting;
  • Dmitry Putilin (GRAD, STAFF) - according to the US version, is associated with the purchase of Trickbot infrastructure;
  • Sergey Loguntsov - is considered the developer of the group;
  • Maxim Khaliullin - named Trickbot HR Manager;
  • Vadim Valiakhmedov (Weldon, Mentos, Vasm) - according to the American authorities, was a programmer of the group;
  • Artem Kurov (NANED) - considered a developer programmer;
  • Mikhail Chernov (Bullet) - according to the US Department of Justice, part of the group of internal utilities;
  • Alexander Mozhaev (Green, Rocco) - is considered an administrator who was responsible for general duties. Read more here.

CIA created a Telegram channel to recruit Russians

On May 13, 2023, the US Central Intelligence Agency (CIA) created a Telegram channel for recruiting Russians. More details here.

FSB accuses NATO and Pentagon of cyber attacks against Russia

NATO countries and the US Department of Defense (Pentagon) are involved in massive cyber attacks from Ukraine against Russia. This was reported on April 13, 2023 at the FSB Public Relations Center.

"During the analysis, data were obtained indicating the use of Ukrainian territory by the United States and NATO countries to conduct massive computer attacks on civilian facilities in Russia. Currently, the network infrastructure of Ukraine is involved in units of offensive cyber operations of Western countries, allowing them to secretly use new types of cyber weapons," the center said in a statement.

NATO countries and US Department of Defense involved in massive cyber attacks against Russia

It was also noted that the network infrastructure of Ukraine is used by units of offensive cyber operations of Western countries, allowing them to secretly use new types of cyber weapons. In order to conceal its involvement, Washington seeks to present Ukraine exclusively as the "author" of the cyberattacks, namely the hacker group "IT Army of Ukraine," which committed thousands of computer attacks on Russian information resources, the FSB center said.

The ministry stressed that cyber attack programs are being developed by the Pentagon together with international and national hacker groups. In total, since the beginning of 2022, about 5,000 cyber attacks have been launched against critical infrastructure in Russia, which were repelled, the FSB reported on April 13, 2023.

In early March 2023, Deputy Prime Minister Dmitry Chernyshenko, at a meeting with young scientists, inventors and technological entrepreneurs of the world-class Eurasian REC in Ufa, said that since the beginning of 2023, the number of cyber attacks on Russian systems has increased by 65%. Chernyshenko accused Western countries of attacks on information systems.[3]

2022

Russian Foreign Ministry: US allocated $11 billion for cyber attacks

The United States plans to spend $11 billion on cyber attacks against objectionable governments in 2023. This was announced in December 2022 by Deputy Foreign Minister of the Russian Federation Syromolotov in a conversation with RIA Novosti.

In his opinion, the West wants to use information and its carriers to subordinate objectionable governments to its will through cyber attacks. Syromolotov stressed that the US government annually allocates huge funds for these purposes.

The diplomat also pointed out that the administration of US President Joe Biden in October 2022 for the first time in its updated doctrinal documents declared the whole world and the global information space "an area of its interests."

Earlier, Syromolotov noted that after the start of the Russian military operation in Ukraine, the number of cyber attacks against Russian information resources and infrastructure facilities increased significantly. They are recorded mainly from the countries of North America and the European Union.

On December 3, 2022, Politico reported that NATO countries intend to use cyber forces and the latest technologies in the Ukrainian conflict to counter Russia.

The publication recalled the exercises on cyber security held at the end of November by representatives of the countries of the North Atlantic Alliance. The article notes that new technologies were tested during them, including the adaptation of the use of artificial intelligence technologies.

On October 24, 2022, Deputy Prime Minister Dmitry Chernyshenko said that "cyber warfare of unfriendly countries" was being waged against the country. In this regard, cyber headquarters were organized in all executive bodies and throughout critical infrastructure. According to him, more than 25 thousand cyber attacks on state resources have already been repelled this year.[4]

US State Department uses artificial intelligence for propaganda against Russia and China

On December 6, 2022, Ambassador Derek Hogan announced that the US State Department is actively using artificial intelligence (AI) and other advanced IT solutions for propaganda against Russia and China. Read more here.

A hacker from the DPR hacked into the American control program of the Armed Forces of Ukraine

Hacker Joker from the Donetsk People's Republic (DPR) hacked into the American Delta troops control program, which is actively used by the Armed Forces of Ukraine (AFU). This was announced on November 1, 2022 by the head of the press service of the DPR Daniil Bezsonov. Read more here.

Britain, USA, Germany, the Netherlands, Poland and Estonia support the work of fraudulent call centers in Ukraine against Russians

At the end of October 2022, the Russian Foreign Ministry accused Western countries of supporting "hostile" call centers in Ukraine. A number of Western countries, including Britain, the USA, Germany, the Netherlands, Poland and Estonia, are pursuing a policy of infrastructure support for the functioning of Ukrainian call centers engaged in fraud against Russians.

Russian Killnet hackers disrupt 14 US airport websites

On October 10, 2022, the Russian hacker group Killnet disrupted the work of 14 US airport websites. This was reported by CNN. Another American television station, ABC News, citing a senior official familiar with the situation, confirmed that the resources of some of the largest airports in the United States were subjected to a cyber attack by "hackers from Russia."

According to the ABC News source, the systems that became the targets of the cyber attack are not related to air traffic control, internal communications, airline coordination or transport security. Sites with information about waiting times at airports and how congested they are were unavailable, the TV channel points out. The source called the situation an "inconvenience."

CNN, in turn, notes that the cyberattacks themselves did not affect air travel, but caused problems for passengers looking for information about flights. Hartsfield-Jackson Atlanta International Airport and Los Angeles International Airport, in particular, were subjected to the hacker attacks.

Speaking about the Killnet group itself, CNN journalists noted that these are "poorly organized hacktivists who are politically interested in supporting the Kremlin, but their ties with Moscow are unknown." The channel also questions the effectiveness of DDoS attacks - the main weapon in the Killnet arsenal.

"DDoS attacks give visible results, but these incidents are usually superficial and short-lived," stated John Hultquist, vice president of Google-owned Mandiant.

Earlier in October 2022, the Killnet group claimed responsibility for shutting down U.S. state government websites. The hackers are also accused of briefly shutting down the website of the US Congress in July 2022 and of cyber attacks on Lithuanian organizations after the country blocked the delivery of goods to Kaliningrad in June of that year.[5]

"We are in cyber warfare, there should be no illusions." Interview of the head of the Ministry of Digital Development Maksut Shadayev at the TAdviser conference

Maksut Shadayev, head of the Ministry of Digital Development of the Russian Federation, answered questions from TAdviser editor-in-chief Alexander Levashov about the current situation in the digitalization of the state. The interview took place at the IT Government Day 2022 conference, organized and held by TAdviser on October 5, 2022.

Microsoft has long ceased to be a private company and acts at the direction of US law enforcement agencies

At the end of August 2022, the Ministry of Foreign Affairs of the Russian Federation announced Microsoft's long-standing cooperation with the US authorities. This is how the department reacted to the company's materials, which say that a certain hacker group Seaborgium "highly likely" operates in the state interests of Russia. Read more here.

Russian hackers hacked the site of the manufacturer HIMARS

On August 9, 2022, the hacker group Killnet announced the hacking of the website of the American military-industrial corporation Lockheed Martin, which, in particular, produces HIMARS multiple launch rocket systems and Javelin anti-tank missile systems. The information was published on the group's Telegram channel. Read more here.

Russian Foreign Ministry: US admits to creating "IT Army of Ukraine"

The United States and its allies use information technologies for offensive purposes and "admit" to creating an "IT army of Ukraine" for attacks on Russian infrastructure, Russian Deputy Foreign Minister Oleg Syromolotov told RIA Novosti.

Speaking about the third session of the UN Open-ended Working Group on Information and Communication Technologies (ICT), he said that the Russian delegation there, "based on the facts, recalled that it is the United States and its allies that use ICT for offensive purposes."

In June, Andrei Krutskikh, director of the Department of International Information Security of the Russian Foreign Ministry, said that hacker groups from Ukraine, as well as from the United States and Georgia, are committing cyber attacks against Russian government agencies and data warehouses of Russians and foreigners. According to him, 22 hacker groups are involved in illegal operations; the most active are the IT-Army of Ukraine, the American GhostClan, the Georgian GNG and the Polish Squad303.

US increases funding for VPN services to bypass blocking by Russians

In mid-June 2022, it became known that the US authorities are increasing funding for VPN services used by Russians to bypass blocking. Financial support is provided through the U.S. Agency for Global Media (USAGM) and the Open Technology Fund (OTF, funded by the government and controlled by USAGM).

According to Reuters, citing informed sources, the VPN projects nthLink, Psiphon and Lantern received about $4.8 million from the American authorities in 2015-2021, and in the four months since the start of the Russian special operation in Ukraine (February 24, 2022), funding has almost doubled.

OTF head Laura Cunningham confirmed to the agency that the organization has increased its support for three VPN services because, according to her, the Russian authorities are trying to limit what their citizens "can see and talk on the Internet." According to her, in May 2022, more than 4 million Russians used a VPN, supported by OTF.

According to the British research company Top10VPN, after the start of the special operation of the Russian Federation in Ukraine, the number of people resorting to the services of VPN providers in Russia every day increased by 452%, to at least 6 million users by June 2022 (about 147 million people live in the Russian Federation).

Representatives of VPN services confirmed that they really needed additional funding to scale the IT infrastructure, including in order to "help Russian users." NthLink revealed that in the first days after the launch of advertising for the service in Russia, the number of users from the Russian Federation rose from 1 thousand to 10 thousand, and then to 50 thousand per day, and the number of registrations continues to grow. Psiphon said that more than 1.3 million users from the Russian Federation use the service every day. Lantern revealed that by mid-June 2022 it records more than 1.5 million new customers from the Russian Federation from the beginning of March 2022.[6]

The United States officially admitted to conducting offensive cyber attacks against Russia

In early June 2022, the United States officially admitted to conducting offensive cyber attacks against Russia. As White House representative Karine Jean-Pierre noted, Washington's unwillingness to enter into direct confrontation with Moscow is not in conflict with the US "offensive" cyber operations in support of Ukraine.

So she reacted to the statement of the US Cybercom chief, General Paul Nakasone, who previously said that Washington had conducted a series of "offensive digital operations" in support of Ukraine. He explained that they were absolutely legal and carried out under full civil supervision, without telling other details and goals. What exactly was the essence of the operation, he did not explain, but said that Moscow allegedly also arranges cyber attacks.


In addition, Nakasone said that his task is to provide the Secretary of Defense and the President of the United States with various options for action, as well as that possible cyber attacks by Russia are constantly analyzed, and Cyber Command "remains vigilant every day."

On May 20, 2022, Russian President Vladimir Putin said that the number of hacker attacks on Russian information infrastructure has been growing in recent years, but after the outbreak of hostilities in Ukraine, "the challenges in this area have become even more acute and serious, larger."

The head of state created an interdepartmental commission of the Security Council to ensure technological sovereignty in the development of IT infrastructure. Dmitry Medvedev, deputy head of the Russian Security Council, was appointed head of the new commission. Among the goals of the commission: the development of measures to protect information infrastructure facilities, equipping such facilities with Russian electronic products, technical equipment, software.[7]

Statement by the Russian Foreign Ministry in connection with the ongoing cyber aggression by the "collective West"

On March 29, 2022, it became known about the statement of the Russian Foreign Ministry in connection with the ongoing cyber aggression by the "collective West."

Against the background of a special military operation to protect the DPR and LPR, demilitarization and denazification of Ukraine, the USA and their satellites are undertaking a massive cyber operation against Russia. In fact, every day, state institutions, the media, critical infrastructure and life support facilities are subjected to powerful blows using advanced information and communication technologies. With the filing of the Kiev regime, an "international call" of anti-Russian specialists (programmers) was announced, in fact forming "offensive cyber forces." The count of harmful attacks against Russia runs to hundreds of thousands per day.

Sophisticated cyber tools are used to steal the personal data of Russian citizens. Fake information is spreading on the Internet in order to disorient and demoralize Russian society, discredit the actions of the Armed Forces of the Russian Federation and government bodies, stimulate illegal activity in the population, complicate the work of various sectors of the economy, sow fear and instability.

The unprecedented scope of these actions and their coordinated nature unequivocally indicate that in addition to the Ukrainian special forces of information and technical influence prepared by the United States and other NATO countries, anonymous hackers and provocateurs acting at the direction of the Western curators of the Kyiv regime are increasingly involved in this cyber war against Russia. In fact, an army of cyber recruits is waging a war against Russia, facing specific combat missions, often bordering on open terrorism.

Profile structures effectively resist these attacks, give them a powerful rebuff. Strengthening ICT security is now becoming one of the main tasks in line with the reliable provision of the country's national security. Efforts to promote specialized initiatives will be intensified at international platforms, primarily at the UN. Work will continue to strengthen the legal protection of Russian individuals and legal entities from malicious cyber activity from outside.

No one should have any doubts: the cyber aggression unleashed against Russia will lead to serious consequences for its instigators and perpetrators. Sources of attacks will be established, attackers will inevitably be held responsible for what they have done in accordance with the requirements of the law.[8][9]

US intelligence agencies offered President Joe Biden to use cyber weapons against Russia

US intelligence agencies have proposed to President Joe Biden to use cyber weapons against Russia "on an unprecedented scale." This became known on February 24, 2022.

A package of relevant proposals was prepared by the US intelligence services.

"President Joe Biden was presented with a number of options for the United States to carry out massive cyber attacks aimed at undermining Russia's ability to support its military operations in Ukraine," the NBC website said in a statement.

The decision on cyber attacks can be made against the background of Russia's military operation against Ukraine. Most Western countries have announced their readiness to support Kyiv in this situation.

Among the options offered are disruption of Internet connections throughout Russia, power outages and interference with railway switches "to prevent Russia from replenishing its forces."

The final decision has not yet been made, but such a scale of the alleged attacks was not previously possible.[10][11]

US intelligence agencies issued a training manual to protect against "Russian hackers" exploiting gaps in Cisco and Oracle products

In January 2022, the US Cybersecurity and Infrastructure Protection Agency, the FBI and the National Security Agency published a jointly prepared methodology entitled "Understanding and Minimizing Threats to Critical US Infrastructure Funded by the Russian State."[12]

As the authors explain, this document is one of the steps in their cybersecurity mission, designed to warn organizations, especially critical infrastructure owners, about cyber threats and help the information security community minimize the risks that these threats pose. It provides an overview of "Russian-funded cyber operations," typical tactics, techniques and procedures, post-detection actions and recommendations for responding to attacks, as well as mitigation.

The US Cybersecurity and Infrastructure Protection Agency, the FBI and the NSA told how to defend against "Russian-funded" hackers (photo - securitymagazine.com)

Historically, attackers "funded" by Russia have used common but effective tactics, the methodology says. These include targeted phishing, brute-force password attacks (enumerating all possible key options), and exploiting known vulnerabilities to hack accounts and networks with weak security.

The list of vulnerabilities, the use of which American intelligence services attribute to "Russian hackers" to gain access to systems, includes previously discovered "holes" in products from Cisco, Oracle, Citrix, Microsoft, FortiGate, etc. For each of them, the document contains links to pages with descriptions in the National[13]

"Russian hackers" demonstrated their possession of complex methods of conducting special measures and competence in the field of compromising the infrastructure of third parties, software, in the development and implementation of malicious software, the authors of the document say. They are also able to quietly maintain long-term and sustainable access to compromised environments, including cloud environments.

It also claims that "Russian hackers" targeted American and international organizations that own critical infrastructure, including state-owned enterprises, military-industrial organizations, and organizations from the spheres of health care, telecommunications, etc.

Summing up all their recommendations set out in the document, its authors indicated that in order to quickly strengthen their cybersecurity from "Russian-sponsored" attackers, owners of critical infrastructure facilities need:

  • Patch all your systems. First of all, those that are indicated in the methodology in the list of "known vulnerabilities used";
  • Implement multifactor authentication. It is needed for all users without exceptions;
  • Use antivirus software;
  • Develop an internal list of security contacts and identify those responsible for responding to incidents. At the same time, it is necessary to minimize the difference between the personnel responsible for information security and operational security.

John Bambenek, chief threat finder at Netenrich, a California-based information security services company, believes there is little real protection help from such techniques.

"I read this and I don't get new knowledge about detecting and preventing such attacks," says John Bambenek. "I hope these agencies can directly contact organizations to offer them more specific recommendations."[14]

The document was published against the background of the topic of the possibility of Russia's invasion of Ukraine, actively discussed by American politicians: in recent weeks, it has not left the front pages of the largest US media.

"The methodology does not mention current Russian-Ukrainian tensions, but if an escalation of the conflict occurs, then we can expect cyber threats from Russia in order to strengthen its actions. Cyberspace has become a key component of geopolitics," believes Rick Holland, information security director of the cyberthreat protection software manufacturer Digital Shadows, quoted by the Tech Republic.[15]

After the publication of the guidelines, the National Cybersecurity Center of Great Britain issued a statement that it supports the new recommendations and efforts of international partners to counter "Russian-funded" cyber threats aimed at the critical infrastructure[16].

The Russian authorities deny any involvement in hacker attacks on American state structures and private companies. Since 2021, Russia and the United States have been consulting on cybersecurity.

2021

Microsoft called Russia the main cyber threat to the national security of countries

Russia is more active than other countries in organizing cyber attacks in the world, according to a Microsoft report on cybersecurity. The company called Russia the main cyber threat to the national security of countries. This became known on October 7, 2021.

According to data from Microsoft experts, hackers from Russia were behind 58% of such attacks. It is noted that most often "Russian hackers" attacked the USA, Ukraine, Great Britain and the European states that are members of NATO.

Microsoft: The most serious threat to cybersecurity comes from Russia

Microsoft experts noted that Russian cybercriminals have seriously increased the percentage of successful attacks - up to 32% from July 1, 2020 to June 30, 2021. Government agencies were targeted by hackers in 53% of cases, compared with 3% in the previous period.

At the same time, most of the cyber attacks were carried out by the Nobelium group, which Microsoft connects with Russia. The company's report says Nobelium is responsible for 92% of all notifications sent to customers about threatening activity originating from Russia.

Thus, this puts Russia in first place in the ranking of countries from which hacker attacks proceeded in 2021. In second, third and fourth places are North Korea, Iran and China, respectively.

The Russian authorities deny their involvement in cyber attacks, and are ready to cooperate with Western countries in the fight against cybercrime.[17][18]

The state-backed hacks were mostly about intelligence gathering - both for national security and commercial and strategic purposes. 

The attackers gained access to information about sanctions and policy towards Russia, data on the coronavirus pandemic and tactics to combat it, information about the source code of some organizations.

This report comes as the Biden administration tries to protect the US government from cyber espionage from Russia, as well as publicly expose this malicious activity. At the same time, despite the fact that the United States and its allies continue to condemn Russia and China for their behavior in cyberspace, these countries, according to the head of Microsoft's digital security division, Christine Goodwin, "are still inclined to conduct attacks on nation states." "Therefore, we are seeing this growth," she said.

The Microsoft report also refers to ransomware attacks as a serious and rapidly growing threat. It is noted that victims of attacks of this type are most often in the United States. According to Microsoft, the United States is confidently leading in this indicator, ahead of the nearest pursuer by about three times.

In addition to Russia, Microsoft connects a significant share of attacks involving government hackers with China. Recent campaigns, allegedly organized by the authorities of the Middle Kingdom and directed against the ministries of foreign affairs of the countries of Central and South America, as well as against a number of institutions in Taiwan and Hong Kong, are noted.

"The problem is that as part of the efforts that we witnessed, Russian groups are actively engaged in destructive activities around the world," said Rob Joyce, head of the NSA Cybersecurity Department. "And we've seen evidence that critical infrastructure in the U.S. is being targeted. Or, in other words, these are attacks that cannot be tolerated and must be fought."

Washington believes that Moscow is responsible for the actions of all hackers in Russia

Washington believes that Moscow is responsible for the actions of all hackers in Russia.

This became known on July 8, 2021 from a statement by Jen Psaki, press secretary to US President Joe Biden.

She stated that Russia bears responsibility for stopping the activities of hackers on its territory, even if the state itself has nothing to do with cyber attacks.

"I will emphasize that the view of US President Joe Biden and the view of the United States administration is that even though these actions against the United States and the American private sector are being undertaken by criminal elements, even if the Russian government is not involved in this, they are still responsible."

"I think he was not going to share with all of you what was only discussed before at a closed briefing," said the press secretary.

On June 18, US National Security Advisor Jake Sullivan said that the United States is ready to use its own funds to stop the actions of hackers who allegedly commit crimes from Russia. Earlier, sources in the United States administration reported that US President Joe Biden could instruct the US military to prepare "offensive cyber operations" against hackers based in Russia.

At the same time, US President Joe Biden doubted Russia's involvement in a recent hacker attack using a ransomware virus in the United States. He stressed that initially the United States did not suspect Russia of a hacker attack, but there is no complete confidence in this. The American leader threatened to take retaliatory measures towards Russia if it turns out that it was Russia that carried out the cyber attack[19][20].

The Kremlin demands from Microsoft evidence of the involvement of hackers from the Russian Federation in global cyber attacks

On May 28, 2021, Russian presidential spokesman Dmitry Peskov called on Microsoft to provide evidence of Russian hackers' involvement in global cyber attacks.

On May 27, 2021, Microsoft announced that a hacker attack on American and other foreign government agencies had occurred over the past week. In total, about 3,000 email accounts in more than 150 organizations were hacked, said Tom Burt, vice president of the corporation.


According to him, the cyber attacks affected at least 24 countries. Burt believes that Russian hackers are behind these actions. Also, in his opinion, they may be associated with the attack on the IT company SolarWinds.

"Microsoft should clarify these Microsofts... This is such an abstract statement, it's like telling us that it seems to us that the big threat comes from Microsoft and software. This will be the same unfounded accusation. Just to draw a comparative parallel," said Dmitry Peskov during a press call, answering the question whether these cyber attacks could lead to an increase in tension between Russia and the United States.

According to him, Microsoft ought to answer a few questions:

  • which hacker groups attacked;
  • why they are linked to Russia;
  • "who attacked";
  • what these attacks led to;
  • what the cyberattacks were;
  • how Microsoft knows about it.

"If you answer all these questions, you can think about the answer," said the press secretary of the Russian president.

He added that Microsoft's accusations do not appear on the agenda of relations between Russian leader Vladimir Putin and US President Joe Biden. The presidential spokesman also noted that the Kremlin does not have information about such cyber attacks.[21]

US: Russia is the main threat in cyberspace

Russia is improving and leveraging its potential for espionage and influence, and continues to target critical infrastructure, including undersea cables and industry control systems.

Russia is the largest US threat in cyberspace, according to the annual report of the US intelligence community[22].

"We believe that Russia will remain the leading cyber threat as it improves and uses its potential in the field of espionage and influence. Russia continues to choose the goal of critical infrastructure, including underwater cables and control systems of the industry, in the United States and in partner countries and allies of the United States," the report said.

"Russia almost certainly considers cyber attacks an acceptable option to deter opponents, control escalation and the implementation of conflicts," the report said.


Patrushev denied accusations against Russia of cyber attacks

Secretary of the Security Council of the Russian Federation Nikolai Patrushev said in April 2021 that Russia has nothing to do with cyber attacks, which the United States attributes to the Russian Federation.

At the same time, according to him, Washington does not present any evidence of the involvement of the Russian authorities in these incidents to either Moscow or the general public, yet it portrays Russia as almost the main aggressor in cyberspace. Patrushev also once again confirmed that Russia has nothing to do with the latest hacking of SolarWinds software, which was announced by the American authorities.

"This is another indiscriminate accusation against us. Our state has nothing to do with this hack," Patrushev said. At the same time, the Secretary of the Security Council did not rule out that hackers connected to Russia could have participated in cyber attacks, but said the authorities were not involved in this.

"We repeatedly told the Americans: if you have suspicions, send us specific information, we will figure it out. They do not give it," complained Patrushev.


CNN: Russian hackers preyed on American cyber rapid response services

Months before US officials knew of the cyberattack on American government agencies through SolarWinds software, Russian hackers identified several key Department of Homeland Security (DHS) analysts who were supposed to be among the first to respond once the hack was detected. After that, the hackers tried to gain access to their email, CNN reported in April 2021, citing two of its sources[23].

While it's unclear whether any of those accounts have been compromised, sources say the fact that hackers knew exactly which analysts at the DHS should be approached suggests they have a much deeper understanding of the US cyber defence system than previously known.

Hackers were able to track, practically in real time, when officials in the US identified the attack, and this allowed them to "tailor their actions and go unnoticed for as long as possible." Former employee of the US National Security Agency (NSA) and CNN military analyst Cedric Leighton advises DHS employees to "completely update the system of all protective cyber operations."

US authorities have not found evidence of the influence of Russian hackers in the presidential election

The US authorities found no evidence that hackers associated with foreign governments managed to block voters from voting, change votes, interfere with the counting of votes or the timely transfer of election results, modify the technical aspects of the voting process or otherwise impair the integrity of voter registration or ballot information filed during the 2020 federal election[24][25].

This was stated in a joint report[26][27] by the US Department of Justice (including the FBI) and the Department of Homeland Security (including the Cybersecurity and Infrastructure Security Agency).

"As part of extensive campaigns by Russia and Iran against critical infrastructure, the security of several networks to manage some election functions has indeed been compromised. But it had no meaningful impact on the integrity of voter data, the ability to vote, the counting of votes or the timely transmission of election results. Iran's statements aimed at undermining public confidence in the US electoral infrastructure were false or exaggerated," the report said.

However, experts have identified several incidents when attackers associated with the governments of Russia, China and Iran significantly affected the security of networks associated with US political organizations, candidates and campaigns during the federal elections in 2020. In most cases, it is unclear whether the attackers sought to gain access to networks in the foreign policy interests of foreign states or to conduct operations related to election interference.

In a number of cases, attackers collected at least some information that they could publish in order to exert influence. However, no evidence of publication, modification or destruction of this information was found.

"We found no evidence (either by collecting intelligence about foreign attackers themselves, or through monitoring the physical security and cybersecurity of voting systems across the country, or through post-election checks or through any other means) that a foreign government or other parties compromised election infrastructure to manipulate election results," the authors of the report summed up.

US plans cyber attacks and sanctions against Russia

On March 8, 2021, it became known that the USA plans to carry out several cyber attacks on systems related to the Russian authorities within three weeks and to impose sanctions as a "response" to the hacker attack using SolarWinds software, of which the Joe Biden administration accuses Russia.

According to the newspaper's unnamed sources, the USA will carry out "hidden counterattacks" in the next three weeks, which will become known to Russian President Vladimir Putin, intelligence and the military, but not to the outside world. In addition to cyber attacks, the United States plans to introduce economic sanctions against Russia. Also, President Biden may sign a decree to strengthen the protection of government systems amid the cyber attacks.

In early January 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement with the FBI and a number of other US entities, according to which Russia is probably behind a large-scale cyber attack on clients of computer security firm SolarWinds. The purpose of the attack, which also hit US government agencies, was, as suggested in Washington, to obtain intelligence. However, it was subsequently stated that the organizers of the attack did not receive access to sensitive information.

US National Security Advisor Jake Sullivan said the administration is ready to use different tools in connection with the cyber attack. According to him, it should be "not just sanctions" - tools that are "visible and invisible" will be applied.

Press Secretary of the Russian President Dmitry Peskov previously emphasized Moscow's non-involvement in cyber attacks. The official representative of the Russian Foreign Ministry also said that the US accusations of Russia's involvement in a mass hacker attack on US federal departments are unproven[28].

Microsoft openly accused the Russian Federation of attacks on US federal departments

On February 24, 2021, it became known about Microsoft's statement that it had "solid evidence" of Russia's involvement in the sensational wave of cyber attacks on at least nine US federal departments and dozens of private companies. As Microsoft President Brad Smith noted, speaking before the US Senate Intelligence Committee, the government will probably take time to formally reach the same conclusion.

"At this stage, we already have solid evidence pointing to Russia's foreign intelligence agency. We found nothing to point to anyone else," Smith stated.

In turn, US intelligence has so far reported only that the attack was carried out by someone "probably of Russian origin."

The February 23, 2021 hearing on the spy operation marked the first public report to the United States Congress on the incident. As the source recalled, in 2020 the IT software supplier SolarWinds inadvertently sent thousands of its customers updates for the Orion platform containing malicious code. As a result, the incident affected US federal agencies and private companies.

Malicious code allowed hackers to carry out subsequent attacks on the Department of Commerce, the Department of Defense, the State Department, etc. As a result of the hack, up to 3% of its Microsoft email accounts were available to attackers, the Justice Department said.

According to Kevin Mandia, CEO of information security company FireEye, which is also investigating the incident, attackers with this level of access could do much more than just track files.

"They had a plan. They had data collection requirements they were targeting government projects; they targeted things that matched keywords. These guys calculate their actions - if they broke into your car, sir, they search it. The relevant documents are found. Their economic background shows that they are professionals," Mandia said, speaking before Congress.

According to Mandia and Smith, the attackers tried to avoid detection by starting their attacks from servers in the United States. The same was previously reported by the adviser to the President of the United States for National Security Anne Neuberger. As Neuberger explained, using infrastructure in the United States, hackers "made it difficult for the US government to monitor their activities"[29].

2020

Most cyber attacks on objects in the Russian Federation are carried out from the United States

Senators of the Federation Council of the Russian Federation believe that about half of all cyber attacks on important objects of Russia come from the United States.

The head of the Federation Council Commission for the Protection of State Sovereignty and Prevention of Interference in the Internal Affairs of the Russian Federation, Andrei Klimov, cited data from sources on the total number of cyber attacks on "significant objects of the Russian Federation" compared to the total number of cyber attacks from abroad.

"According to our estimates, the share of cyber attacks carried out from the United States on sensitive facilities of the Russian Federation reaches at least 48-52%," Klimov said in December 2020 during a round table at the Federation Council.

At the same time, some experts even believe that the real figure can reach two-thirds of the total number of hacker attacks on the Russian Federation[30].

Hackers hacked into the IT system of the US Treasury and stole data, suspect a Russian hacker group

On December 13, 2020, it became known about cyber attacks on the US Treasury Department and the National Telecommunications and Information Administration (NTIA). According to the Reuters agency, the attackers are supported by a foreign government, but which one is not specified. Read more here.

US Navy Cyber Command intervened in the operation of an automatic ship identification system, creating a dangerous precedent

On November 26-27, 2020, the US Navy Cyber Command, by substituting data in the automatic ship identification system, grossly distorted the situation in order to pass off a civilian vessel as the American destroyer Ross. At the same time, the civilian ship was identified in the system as a violator of the Russian state border, and the destroyer Ross itself was in the port of Gdynia (Poland). Read more here.

Microsoft accused Russia of cyber attacks on COVID-19 vaccine developers without evidence

On November 13, 2020, Microsoft announced cyber attacks by hackers from Russia and the DPRK on foreign companies engaged in the creation of COVID-19 coronavirus vaccines. Read more here.

US Secretary of State accuses Russia of "complete disregard for public safety"

The US Secretary of State accused Russia of "complete disregard for public safety." This became known on October 21, 2020. According to the United States, GRU officers caused $10 billion in damage by their actions.

Russia is one of the main troublemakers on the global Internet, said the head of the US State Department Mike Pompeo. He called on all states to join the prosecution of six Russian citizens who, according to the American side, are involved in cybercrimes.

According to him, Moscow demonstrates a complete disregard for public security and international stability, although in words it claims the opposite.

Commenting on the accusations against six more cybercriminals from Russia, Pompeo called for an end to "this irresponsible behavior." The Secretary of State also called on all countries to join the prosecution of these Russians so that they "face justice."

The Russian side has repeatedly rejected Western accusations of organizing cyber attacks. In addition, the United States proposed to establish a dialogue on cybersecurity[31].

US special forces prepare for cyber war with Russia and China

American special forces are preparing for a cyber war with Russia and China. This became known on October 10, 2020.

For nearly twenty years, US special forces have been engaged in counterterrorism and insurgency, but now they must rethink how to respond to the changing threats of the 21st century, including potential conflict with other great powers - with a clear focus on Russia or China.

Standard exercises by special forces are unlikely to become irrelevant in the near future. However, the functionality of the special forces is likely to be expanded by equipping it with unmanned aerial vehicles and hackers. The units will be trained taking into account the changing situation on the planet, where cyber wars are conducted, as well as information and economic confrontations.

The source clarified that the command of special operations of the US Armed Forces (SOCOM) should continue to introduce technologies so that in the event of a military conflict it is not necessary to use unverified tactics and methods. Such technologies include machine learning and artificial intelligence.

"As it stands, special forces do not reflect the needs of society. This fact should make us all think. There are barriers that leave the talents we need outside the formations," said Acting Assistant Secretary of Defense for Special Operations and Low-Intensity Conflicts Ezra[32][33].

Microsoft accuses Russia, without evidence, of half of "authorities-sanctioned" cyber attacks

At the end of September 2020, Microsoft accused Russia, without evidence, of half of the "authorities-sanctioned" cyber attacks (NSN, nation state notification). The company cited the data in a study based on the results of its financial year, which ended at the end of June 2020.

According to Microsoft, the Russian Federation accounted for 52% of NSN. Iran is in second place (25%), China is in third (12%), and the DPRK is in fourth (11%). Most hacker attacks of this type are directed at the United States (69%), Great Britain (19%), Canada (5%), South Korea (4%) and Saudi Arabia (3%).

Microsoft said the company notifies users of hacker attacks "sanctioned by state authorities." Over the past two years, the corporation has sent more than 13 thousand such notifications.


With the help of the report, Microsoft is trying to protect its customers and draw their attention to hacker groups, as well as the territories from which they operate, the company said. No government is responsible for the trend of cyber attacks, it added.

According to the report, Microsoft blocked more than 13 billion malicious and suspicious emails in a year, of which more than 1 billion included URLs that activate the launch of phishing attacks aimed at obtaining credentials. From October 2019 to July 2020, ransomware became the most common reason for incident response by information security teams.

The most common attack techniques targeting government organizations have been intelligence, credential collection, malware use, and virtual private network (VPN) exploits. Microsoft emphasizes that attackers have begun to act in more sophisticated ways, using methods that make them difficult to detect, and choosing even the most secure organizations as their targets.[34]

Microsoft accused Russia, without evidence, of interfering in US elections

On September 10, 2020, Microsoft accused hackers from Russia, China and Iran of cyber attacks against employees of the campaign headquarters of incumbent President Donald Trump and his election rival Joe Biden. Read more here.

The arrest of a Russian on charges of a bribe of $1 million to an employee in exchange for installing a virus in the company

On August 25, 2020, the US Department of Justice announced the arrest of 27-year-old Russian Yegor Kryuchkov, who is suspected of bribing an employee of an American company in order to infect its systems with a computer virus. Read more here.

Fifth part of the investigation report into 'Russian interference in 2016 election'

The US Senate Intelligence Committee released the fifth part of its report investigating Russia's "2016 election interference": "The Russian government in an aggressive and multifaceted format influenced or tried to influence the outcome of the election, and Russian President Vladimir Putin personally led the efforts to hack computer networks and accounts associated with the Democratic Party of the United States". In person!

The State Department began sending Russians SMS about the remuneration of $10 million for data on interference in elections

In August 2020, the US State Department began sending SMS messages to Russians about the reward of $10 million for data on interference in the elections. The distribution is carried out as part of the Rewards for Justice program. Read more here.

Germany announced an international search for a Russian accused of cyber attacks on the Bundestag

In early May 2020, Germany's Prosecutor General's Office issued an arrest warrant for Dmitry Badin, who is accused of cyber attacks on the Bundestag. The 29-year-old Russian has been put on the international wanted list. Read more here.

2019

The United States is developing tactics for conducting information warfare against the Russian Federation

The United States is developing information warfare tactics against Russia in case of possible Moscow interference in the presidential elections in 2020[35][36].

According to The Washington Post in December 2019, one of the possible measures under consideration by the US Cybercom is aimed at the top leadership of the Russian Federation, with the exception of Vladimir Putin. The idea is to show that if the interference does not stop, the personal confidential information of the chosen target can be compromised. Another possible measure involves the use of disinformation aimed at the Russian government and the ruling elite and exploiting competition between them.

None of the measures under consideration are aimed at Russian society as a whole, since this would be ineffective, according to the US government. It is much more effective to influence key decision-makers, in particular the leadership of the FSB, the military leadership and, possibly, some oligarchs.

The targets will be sent messages about the US having access to sensitive information, and if the intervention does not stop, it will be compromised. The messages will be accompanied by a "limited cyber operation" proving that Americans have access to a system or account capable of causing damage.

US accuses Russia of hacking FBI communications systems with diplomats' summer cottages

In mid-September 2019, the American portal Yahoo News published an article about Russian espionage. The publication, citing former employees of the Washington administration, wrote that Russia hacked the FBI's communication systems using the summer cottages of diplomats in the United States.

The publication says that Russian diplomats expelled from the United States in 2016 previously monitored the FBI special forces from the dachas of the Russian permanent mission to the United States.

Russia will ask for clarification from the State Department about the involvement of diplomatic mission employees in hacking FBI communication systems

According to Yahoo News interlocutors, Russian diplomats participated in a "daring counterintelligence operation" that intercepted classified FBI information, allowing Russian intelligence officers to avoid exposure for a long time.

It is noted that the leadership of the FBI and the CIA had to temporarily stop communicating with their agents and look for a "mole" among their subordinates. They feared that Russian intelligence officers, being near government buildings, could even penetrate computers that were not connected to the Internet.[37]

The Russian Embassy in the United States said that Washington is trying through spy mania to justify the seizure of Russian diplomatic property. This was reported on the diplomatic mission's Facebook page.

Moscow recalls that Washington has so far explained the seizure of Russian diplomatic property in a completely different way, namely, Russia's "interference" in the American elections. Now the Americans have a completely different explanation for their seizure of Russian diplomatic property.

The Russian Foreign Ministry linked the information of the American media with the beginning of a new electoral cycle in the United States.

"We are now entering a very interesting period, which is called 'exactly a year is left before the US presidential elections.' And during this period, unfortunately, we will see and hear many fantastic stories, sudden discoveries, amazing foresight, or, conversely, some excavations from the past," Russian Foreign Ministry spokeswoman Maria Zakharova told Kommersant FM.

Roskomnadzor accused Google and Facebook of interfering in elections

Roskomnadzor accused Facebook and Google of illegally distributing political materials on a "day of silence" before the elections of deputies on September 9, 2019. The department said that such actions can be considered as "interference in the sovereign affairs of Russia and obstruction of democratic elections."

Representative of Roskomnadzor Vadim Ampelonsky said that this is not the first time that political advertising is published on Google and Facebook platforms on the "day of silence." However, specific examples of such advertising were not provided by Roskomnadzor.


The head of the commission of the Public Chamber of the Russian Federation for the development of the information community, the media and mass communications, Alexander Malkevich, accused Google of interfering in the internal affairs of Russia. He said that when trying to find information in the search engine by the phrase "elections to the Moscow City Duma," an advertisement for the "smart voting" system promoted by blogger Alexei Navalny appears in front of links to reference information and the website of the Moscow City Electoral Commission.

First Deputy Chairman of the CEC Nikolai Bulaev also suggested that Google could influence voters in Russia, saying that many materials can be attributed to "point" influence on a person.

Facebook said in response to the allegations that advertisers are responsible for compliance with election laws, and the company considers complaints of violations upon request.

"If we receive an appeal that this or that advertisement violates local law, we consider it and take appropriate measures," the company said.

Google, commenting to Roskomnadzor on political advertising, said the company "supports responsible political advertisements." At the same time, Google did not specify whether political advertising was actually distributed on the corporation's websites on election day.[38]

The number of attacks on the resources of the Ministry of Defense of the Russian Federation for 6 years increased by almost 60%

Over the past six years, the number of cyber attacks on information resources of the Ministry of Defense of the Russian Federation has increased by 57%. Such data in June 2019 was cited by the head of the Department of Information and Mass Communications of the Ministry of Defense of the Russian Federation, Major General Igor Konashenkov, during a round table within the framework of the Army-2019 forum.

"For six years, the number of attempts to disable critical information infrastructure facilities has grown by 57%," the general said.

The department is constantly faced with "various attempts at external information and technical influence" on its systems and Internet resources, Konashenkov noted.

According to him, since 2013, the Ministry of Defense has identified and neutralized more than 25 thousand incursions on the information resources of the Armed Forces.

Western intelligence hacked Yandex to spy on users

On June 27, 2019, Western intelligence hacked Yandex to spy on accounts. The company itself confirmed the attacks, but assured that the user data was saved. Read more here.

Americans admitted cyber attacks on Russian infrastructure

The New York Times (NYT) published an article in June 2019 on an increase in the number of American cyber attacks on Russian electric networks. In the material, experts referred to unnamed sources among former government officials who provided relevant information in an interview[39].

The NYT article says that Russia's power grids were subjected to massive cyber attacks by the United States during the spring of 2019. The purpose of the attacks was to introduce malicious code into the system that could sabotage the operation of power grids. According to sources, this initiative was a reaction to statements by the FBI and the US Department of Homeland Security, in which the departments accused Russia of similar crimes. They argued that Russia sought to inject its own malware not only into American electricity grids, but also into water systems, gas and oil pipelines as precautions in case more conflicts break out between the United States and Russia.

The NYT stressed that Americans' retaliation could count as a warning. Meanwhile, the material did not say how successful the cyber attacks were, and whether the hackers managed to introduce their software into the Russian energy system.

2018

Microsoft accused Russia of interfering in the upcoming US elections

On August 20, 2018, Microsoft accused Russia of interfering in the US congressional elections to be held in November. According to the company, hackers associated with the Russian authorities created false sites that are potentially interesting to American politicians.

From a message on Microsoft's official website, it follows that in August 2018, the Microsoft Digital Crimes Unit (DCU) complied with a court order to transfer control of six Internet domains created by a "group closely associated with the Russian government," Strontium (also known as Fancy Bear and APT28). 

Conservative think tanks could become new targets of attacks by Russian hackers

These cybercriminals created three fake sites of the US Senate, as well as fake sites of two American conservative organizations: the Hudson Institute and the International Republican Institute. However, Microsoft did not provide detailed descriptions of the false domains.

"Now we are seeing another surge in attacks. In this case, expanding the type of websites they use is especially important," said Microsoft President Brad Smith.

According to him, hacker attacks are carried out in order to "undermine democracy" in the United States, and Microsoft "has no doubt about who is responsible."

Brad Smith also noted that Microsoft is ready to provide free protection against cyber attacks to all congressional candidates, election campaigns and political organizations that use its products. 

Special Prosecutor Robert Mueller, who is investigating possible interference by Russia in the election, noted in his indictment that the hacker group Strontium is associated with the main intelligence agency of Russia. It was this group, according to the special prosecutor, that was involved in the hacking of the mail of the national committee of the Democratic Party, as well as the mailbox of ex-Secretary of State Hillary Clinton.[40]

Pentagon plans to ban the purchase of software with Russian code

In July 2018, it became known that the Pentagon is compiling a list of vendors who use Russian or Chinese code in their software products, in order to stop buying their products and to prohibit its partners from doing so. At the legislative level, the ministry will also be prohibited from buying software to whose development process observers from China or Russia had access.

Cyber division created in US NSA to fight Russia

"The Russians Are Coming"

Paul Nakasone, who heads the US National Security Agency (NSA) and at the same time holds the post of head of cyber warfare, officially confirmed in July 2018 to the Bloomberg news agency the creation of a separate special unit "to repel Russian threats in cyberspace."[41]

"I have formed a group in Russia - Russia Small Group," Nakasone said. "That's what the intelligence community really had to do after the 2016 [events] of 2017."

The Washington Post reported that the US NSA and its cyber military intend to counter "Russian threats to US security" in the midterm elections in November, in which the House of Representatives of the US Congress (the lower house), 35 senators and 39 state governors will be re-elected.

"Russia has significant capabilities, and we certainly must be prepared for such a challenge," Paul Nakasone said last weekend during his speech at the annual Aspen Security Forum in Aspen, Colorado. "And if such a challenge follows, I believe, without any doubt we will be ready to oppose."

Strengthening the infrastructure of the NSA cyber military

In June 2018, The New York Times wrote that over the past few months the Pentagon had significantly expanded the capabilities of the cyber military under the US NSA, granting them, among other things, the right to hack into enemy networks to protect American networks. Such powers greatly expand the room for maneuver of the NSA cyber military, since they were previously allowed mainly only to protect US networks. The status increase, in all likelihood, also opened up additional opportunities "to protect against Russia," Bloomberg notes.

Attack on Cisco Network Switches

On April 6, the hacker group JHT attacked the critical infrastructure of a number of countries, including Iran and Russia, which led to malfunctions at a number of Internet providers, data centers and some websites. In the attacks, the attackers exploited the CVE-2018-0171 vulnerability in Cisco network switches with support for SMI (Smart Install) technology. The hackers overwrote the Cisco IOS system image and changed the configuration file, leaving in it a message with the text "Don't mess with our elections...." and an image of the American flag.

US officially accused Russia of cyber attacks on power plants

The U.S. Department of Homeland Security and the Federal Bureau of Investigation warned of attacks by "Russian hackers" on American government and commercial organizations, as well as critical infrastructure. The corresponding report was published on March 15, 2018, on the website of the US Computer Emergency Response Team (US-CERT).[42][43]

According to the report, "Russian hackers" have been attacking American power plants and other critical infrastructure since at least March 2016. "Russian government hackers" launched a "multi-stage invasion campaign," during which they "infected networks of small commercial objects with malware, carried out targeted phishing attacks and gained remote access to networks of the electric power sector." Having gained access to the networks, the attackers studied them and collected information related to automated process control systems (APCS).

Neither the names of the affected companies nor the amount of damage caused to them are given in the report. Nevertheless, according to the authors of the document, hackers attacked domain controllers, as well as mail and file servers. In their report, the FBI and the Department of Homeland Security also refer to a Symantec study published in September 2017, which provides additional information about the current malicious campaign.

The White House was preparing a large-scale cyber attack on Russia

The White House was preparing a cyber operation against Russia in the summer of 2016, when Barack Obama was president of the United States, but later the development of this plan was canceled. This is described in the book "Russian Roulette: The Story of Putin's War Against America and the Election of Donald Trump," excerpts from which are published by Yahoo News.

According to Daniel, the development of the plan, in addition to himself, was carried out by Celeste Wallander, who oversaw the Russian direction in the National Security Council at the White House[44].

The plan involved the National Security Agency conducting cyberattacks to neutralize Russian sites and the hacker Guccifer 2.0, who hacked the emails of Hillary Clinton's campaign headquarters and the Democratic National Committee. It was also planned to block the DCLeaks.com website, which disseminated information stolen from Democrats.

The authors of the cyber attacks proposed to organize a leak of information about secret bank accounts in Latvia belonging to the daughter of Vladimir Putin, "which will be a slap in the face for the Russian president and anger him." Among the plans was also planting information in the Russian media about Putin's assets, mistresses of officials and corruption in United Russia. In addition, the plan implied DDoS attacks on the sites of the Russian media, as well as attacks on Russian intelligence structures to disrupt the operation of their communication nodes. As the authors of the book were told, Obama's national security assistant Susan Rice and the ex-president's assistant on counterterrorism Lisa Monaco ultimately put an end to this plan. They expressed fears that details of the operation would be leaked to the media.

The investigation into the interference attributed to Russia in the American elections, as well as Trump's alleged ties with Russia, which are refuted in the White House and the Kremlin, is led by independent special prosecutor Robert Mueller, as well as the US Congress. In Moscow, all accusations have been denied more than once, calling them unfounded. As President Vladimir Putin said in an interview with NBC, Russia has no goals that could be achieved by such interference.

2017

Endowing the FSO with the functions of cyber warfare

Russian President Vladimir Putin signed a decree on February 27, 2018 amending the regulation on the Federal Guard Service (FSO). The list of powers of the service was expanded to include participation in "conducting information confrontation activities" and ensuring the work of the "departmental center of the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation under the jurisdiction of the FSO." The document entered into force on the date of its signing.

The United States rated the threat of cyber attacks from Russia and China at 8 out of 10 points

The acting head of the US Department of Homeland Security, Elaine Duke, estimated the cyber threat posed by Russia and China at 8 points out of 10, RIA Novosti reported.

During a hearing in the US House of Representatives, Duke said that Russia and China pose a serious threat to US cybersecurity. "On a scale of 1 to 10, I would say probably 7 or 8," she noted. The acting head of the DHS also emphasized growing concern over possible cyber attacks on the country's critical infrastructure.

Google forced to fight truth by blocking RT and Sputnik news

Google is working to create an algorithm for filtering news containing Russian propaganda. This was announced in November 2017 by the head of Alphabet holding Eric Schmidt, naming the sites of the Russia Today TV channel and Sputnik as the main sources of propaganda.

Eric Schmidt, Alphabet Board Chairman

According to Schmidt, Google's intention is only to hide RT and Sputnik news from Internet users in order to counter "Russian propaganda" and "spread disinformation," while there is no talk of a complete ban on resources - Google does not use such methods, the top manager emphasized.

The head of Alphabet also said that he opposes censorship, but 2016 showed that the audience cannot independently recognize "fakes."

"At first, in the United States, it was something obvious that 'bad' content would replace 'good,' but last year we were faced with the fact that in some cases it may not be so, especially when your opponent receives good funding and is actively trying to disseminate such information," Schmidt said.

As of November 21, 2017, Sputnik news was still displayed in Google search. Eric Schmidt commented on the situation as follows:

"We are working to find things like this and downgrade such sites in the news outlet. Basically, we are talking about the sites RT and Sputnik."

However, how exactly Google plans to reduce the positions of RT and Sputnik in its search engine, the representative of the Internet giant did not explain, adding only that he was personally a supporter of "ranking" sites.

The State Duma has already commented on Schmidt's statement on the method of combating Russian propaganda, calling the filtering of the Russian media an open form of information warfare. So, according to Andrei Svintsov, deputy chairman of the information policy committee, Google's implementation of the announced plans will result in a powerful blow to RT and Sputnik, since links to them will actually disappear from Google news. He also believes that the State Duma should take mirror measures against the American media in Russian search engines.

It is noteworthy that earlier the representative office of the Russian TV channel RT and the broadcaster of the state radio Sputnik, at the request of the American authorities, registered in the United States as foreign agents. In retaliation, the State Duma passed a bill introducing a similar status for foreign media in Russia.[45]

The head of the CIA accused the Russian Federation and WikiLeaks of destabilizing Western democracy

Russia and the organization WikiLeaks are trying to destroy democracy in the West. Moreover, WikiLeaks is actually an intelligence structure hostile to the USA. This statement was made by the Director of the U.S. Central Intelligence Agency, Michael Pompeo.

The activities of state and non-state actors who seek to "blur" democracy and the rule of law around the world are one of the threats facing the CIA, Pompeo noted.

"This includes groups like WikiLeaks - a non-state enemy intelligence service that recruits spies, rewards people who steal legitimate secrets and uses this information to undermine Western democracies. And this, of course, includes the Russian government, which has long been the main figure in the world practicing 'active measures.' This has been going on for decades," TASS quoted the director of the intelligence service as saying.

According to Pompeo, the US special services need to carefully monitor Russia, but at the same time "not react excessively"[46].

Creation of a joint cyber group

In July 2017, Russian President Vladimir Putin and US President Donald Trump held their first personal meeting on the sidelines of the G20 summit in Hamburg. One of the topics of the conversation was cybersecurity, which was discussed for about 40 minutes. In total, negotiations between the Russian and American leaders lasted more than two hours.

After this meeting, Russian Foreign Minister Sergei Lavrov said that Russia and the United States had reached an agreement on the formation of a joint working group on cybersecurity.

Putin and Trump agreed to create a joint cyber group
"It is agreed that all these issues in the complex, including the fight against terrorism, organized crime, hacking in all its manifestations, will become the subject of bilateral Russian-American interaction," said the head of the Russian diplomatic service, noting that Moscow and Washington will create a working group to realize these goals.

According to Lavrov, the purpose of creating a bilateral mechanism for working on the cybersecurity problem is to try to determine how to interact in the field of information protection in order to henceforth prevent interference in the internal affairs of states.

US Secretary of State Rex Tillerson also commented on the outcome of the talks. He confirmed that the countries will create a working group to develop a framework agreement on cybersecurity and non-interference in each other's affairs.

However, Donald Trump later said that he did not believe in the possibility of creating a bilateral group on cybersecurity issues.

"Just because President Putin and I were discussing a cybersecurity group doesn't mean I believe it could happen. Can't. But a ceasefire can, and it happened!" wrote the US President on his Twitter blog on July 9, 2017.

Trump did not post any further comments on this in his microblog. He did not explain whether his current remarks should be seen as a de facto rejection of the agreement he had just reached with the Russian president.[47]

The Washington Post: US has developed a secret cyber weapon to respond to hacker attacks from Russia

US President Barack Obama ordered electronic measures in response to Russian interference in the 2016 presidential election. This is stated in the investigation of The Washington Post, published on June 23[48][49].

According to the publication, we are talking about the preparation of a special secret program, which involves identifying a vulnerability in the electronic infrastructure of the Russian Federation and introducing "implants" into Russian networks in order to be able to disable them at the right time.

The development of "implants" was entrusted to the US National Security Agency (NSA). It is assumed that the American government will be able to activate them in the event of new aggression from Russia, including in the event of future hacker attacks.

The operation is at the initial stage. The departments that were entrusted with the assessment of the program considered the work of the "implants" "little to control," but came to the conclusion that in some conditions their use could become a proportional response to aggression from Russia.

The decision to use the program will have to be made by Obama's successor as president - Donald Trump. However, to continue its development, the American special services do not need the approval of the new president, although he will be able to cancel it by issuing a special order. So far, no such order has been received, sources tell The Washington Post.

US Justice Department formally blames FSB officers for Yahoo hack

In March 2017, the US Department of Justice formally charged three Russian citizens and a citizen of Kazakhstan with hacking into Yahoo Corporation servers in 2014, as a result of which 500 million mail accounts were leaked. Of those four, two in the charge are named as intelligence officers, while the other two are named as hackers "hired by the Russian authorities."

One of the accused is Dmitry Dokuchaev, an FSB officer who was arrested in Moscow in December 2016 on charges of high treason. He is suspected of transferring classified information to the US intelligence services.[50]

FSB of Russia

Among the rest of the accused are Igor Sushchin, Alexey Belan, also known as Magg, and Karim Baratov, known as Karim Taloverov, Karim Akekhmet Tokbergenov and under the pseudonym Kay (Kai).

The US Department of Justice has brought dozens of charges against them, including wire fraud, mass identity theft, theft of commercial secrets, and economic espionage.[51]

In a published statement, ministry officials indicate that hackers used the stolen information "to gain unauthorized access to the contents of accounts in Yahoo, Google and other mail service operators, including accounts of Russian journalists, American and Russian government officials and employees of commercial companies in financial, transport and other sectors of the economy."

The hackers sought access to the accounts of a deputy chairman of the Government of the Russian Federation, an officer of the Russian Ministry of Foreign Affairs, a coach working for the Ministry of Sports and other senior officials, the indictment said. The accounts of a Kommersant-Daily journalist and one of the leaders of a Russian service provider were also hacked.

According to the prosecution, Dokuchaev and company also actively hacked the accounts of foreign politicians and entrepreneurs. The names of the victims are not indicated in the charge, only their positions and, in the case of commercial companies, the sectors of the economy to which they belong.

The indictment says that Dokuchaev and Sushchin were employees of Center 18, the cyber division of the FSB. As for the other two suspects, Alexei Belan's name is on the FBI's list of the most wanted cybercriminals. He has already been accused of trying to hack US government organizations. Karim Baratov has citizenship of Kazakhstan and Canada. It was in Canada that he was arrested - the only one of all the accused.

Belan and Karimov, among other things, are accused of conducting spam campaigns using hacked accounts for personal earnings. The attackers used a sophisticated cookie tampering scheme to bypass password protection and access mailbox content.

Yahoo first announced the massive hack in September 2016. At the same time, representatives of the company said that a certain unnamed state was behind the attack. In December, Yahoo was forced to admit an even more massive hack (then the data of 1 billion Yahoo accounts leaked).

Putin accused of direct involvement in hacker attacks in the United States

In January 2017, American intelligence accused Vladimir Putin of involvement in cyber attacks on the USA during the election of the head of state. The report, published by the Office of the Director of National Intelligence of the United States, says that Vladimir Putin allegedly ordered the start of a "campaign to interfere" in the presidential election. Its goal was to "undermine public confidence in the democratic process in the United States" and discredit the Democratic presidential candidate Hillary Clinton. The report says that the CIA and FBI "firmly believe in this"; the US National Security Agency expresses "moderate confidence" in this version.

According to American intelligence, the Main Intelligence Directorate of the General Staff of the Russian Armed Forces is behind the cyber attacks. It allegedly used the help of a hacker (or hacker group) Guccifer 2.0, and the information received was made public using the sites WikiLeaks and DCLeaks. Guccifer 2.0 denies any connection with Russia.[52][53][54][55]

The report does not contain convincing evidence of Putin's involvement in cyber attacks. The published document is a public version of a classified report that lacks some of the intelligence.

"Many of the key conclusions in the document rely on a set of messages from different sources that share our understanding of Russian behavior," the report said.

The authors base other conclusions on an analysis of the behavior of politicians loyal to the Kremlin, state media (in particular, the Russia Today TV channel) and individual users of social networks - "trolls" who, according to American intelligence, carried out the order of the Russian authorities.

US intelligence considers Russia a major threat in cyberspace

Moscow has capabilities that threaten the US government and American military infrastructure, according to a statement prepared for Congress.[56]

US intelligence believes that Russia has a developed offensive cyber program that threatens the United States government and the country's important infrastructure. Such conclusions are contained in a joint statement by the Director of National Intelligence, Cyber Command of the US Armed Forces and the Pentagon, prepared for Congress.

"Russia is a full-scale actor who poses a major threat to the US government, military, diplomatic, commercial and critical infrastructure, as well as key resource networks, thanks to a highly developed offensive cyber program and sophisticated tactics, techniques and procedures," the statement said.

2016

Obama imposes sanctions on Russia "for cyber attacks that affected the US presidential election"

The US Department of the Treasury announced at the end of 2016 the introduction of new sanctions against Russia for cyber attacks, the purpose of which was to influence the election of the US President.[57][58][59]

Sanctions against Russia

Sanctions were imposed on the FSB and GRU, as well as three companies - DCC Security (Esage Lab), the Autonomous Non-Profit Organization "Professional Association of Informatics System Designers" (APO PO KSI) and the "Special Technological Center." According to a statement by US President Barack Obama, these companies provided material support for GRU cyber operations.

The head of the Main Directorate of the General Staff of the RF Armed Forces (GRU) Igor Korobov, his deputies Vladimir Alekseev, Sergei Gizunov and Igor Kostyukov, as well as hackers Alexei Belan and Yevgeny Bogachev fell under personal sanctions.

According to Barack Obama, the United States also declared 35 Russian diplomats persona non grata. According to Reuters, they are ordered to leave the country within 72 hours.

Later, the US Intelligence Services prepared two reports: one - secret, which was presented to Obama, the second - "public," it was released later. From the information that the American special services managed to obtain, it follows that Russian officials "celebrated" the victory of the former Republican Party candidate Donald Trump in the elections. They were able to obtain this information after the publication of the voting results thanks to the interception of messages in which officials congratulate each other. WP writes that some of the Russian authorities assess this victory as geopolitical.

WP sources emphasize that although these reports are assessed as strongly indicating a preference for Trump's victory, they still cannot be considered indisputable evidence of the participation of Russian special services in interfering in the US presidential election.[60][61]

Particular attention is paid to the goals of "Russian interference" in the elections. According to American officials, Moscow initially allegedly planned to "undermine confidence in the US elections" and "undermine the legitimacy of the alleged victory of [former US presidential candidate Hillary] Clinton." However, over time, as Trump became "more competitive," Russia's goals changed, became "more ambitious," and the task became "to tip the hotly disputed presidential race to a candidate" whose views coincide with Moscow's foreign policy. At the same time, according to the newspaper, high-ranking Russian officials expected Clinton to win. The interlocutor of the publication emphasizes that for Moscow, the Republican's victory in the elections was as much a surprise as for the rest of the world.

One of the officials interviewed by The Washington Post believes that, in addition to cyber attacks, Russia used social media and fake news to undermine the reputation of the Democratic candidate. Such actions, according to intelligence officials, could be due to [Russian President Vladimir] Putin's "personal hostility towards Clinton, whom he accused of inciting demonstrations in Moscow in 2011-2012."

Another US politician, who got acquainted with the report presented to Obama, said that "there is various material evidence and factors that most likely allow the intelligence community to judge" that Russia's actions were aimed at helping Trump.

US: evidence of involvement of Russian hackers in hacking voter registration systems discovered

In September 2016, it was announced that 6 of the 8 IP addresses allegedly used in the attacks belong to a Russian hosting company. ThreatConnect experts[62] discovered a connection between recent attacks on voter registration systems in the United States and malicious campaigns allegedly carried out by hackers linked to the government of the Russian Federation.[63]

In the notification, the FBI indicated the technical details of the attacks, including the IP addresses that appeared in both incidents. According to an analysis conducted by ThreatConnect experts, these IP addresses have been repeatedly linked to underground Russian hacker forums. In particular, some of them belong to FortUnix Networks, whose infrastructure was used in attacks on Ukrainian energy companies in December 2015.

According to experts, one of the IP addresses (5.149.249.172) was used in the past in phishing attacks aimed at political parties in Turkey and Germany, as well as the Ukrainian parliament. During the study of the activity of the IP address, a number of additional factors were also found that indicate its connection with one of the Russian groups allegedly working by order of the Russian government.

The researchers were able to access the C&C server used in the above phishing campaign. They found a total of 113 letters written in Ukrainian, Turkish, German and English. As it turned out during further analysis, one of the domains used to host phishing content was registered to an email address associated with a domain previously featured in the campaigns of the APT 28 group, also known as Fancy Bear, Pawn Storm, Sednit and Sofacy.

FBI launched an investigation into the attacks of "hackers from Russia" on the American media

In August 2017, it was announced that the FBI and other US intelligence agencies were investigating cyberattacks recorded in recent months against The New York Times and other US publications, CNN reported, citing knowledgeable sources.[64][65][66][67][68][69]

According to the channel's interlocutors, the investigation believes that the attacks on the American media were carried out by hackers backed by Russian intelligence, and that the hacks themselves are part of a wider series of attacks aimed, among others, at the US Democratic Party.

According to the channel's sources, representatives of the American special services believe that a series of recent hacks show that the Russian special services are using a wave of attacks, including against think tanks in Washington, to collect information from a wide range of non-governmental organizations that have access to the US political system.

The media are seen as top targets because they can provide valuable information about reporters' contacts within the government, as well as unpublished material with sensitive information, sources tell CNN.

American spyware found in networks of authorities and military structures

The FSB announced in July 2016 the discovery of espionage software in the computer networks of state authorities, scientific and military institutions, enterprises of the military-industrial complex and other critical infrastructure facilities.

The FSB said in a statement that "the computer networks of about 20 organizations located in Russia" were infected with viruses. The names of these organizations are not indicated in the message.

The FSB reported that malware was introduced as part of a professionally planned operation. The viruses, according to the FSB, were in the attachments to the emails.

State Duma deputy Dmitry Horovtsov, Deputy Chairman of the Committee on Security and Anti-Corruption, said that the cyber espionage virus, which the FSB identified in the computer networks of state agencies and the military-industrial complex (MIC), was launched by the USA, the radio station "Moscow Says" reports.[70]

"This is beneficial primarily to the Americans. Microsoft, Oracle. Their software (I'm not talking about hardware anymore) has flooded everything and everything, and, of course, they pose a threat to our information security and not only information security," he said.

The deputy noted that the identification of the virus is direct evidence that control over the software in Russia has not been established. He added that more than ten years ago, the initiative to transfer all software to domestic counterparts did not find the support of the majority, in connection with which, according to the parliamentarian, the country was under threat.

According to Horovtsov, "the database management system is a key that allows you to activate aviation, missiles" and it is "not in our hands."

Symantec and Kaspersky: American state hackers attack Russia

In August 2016, cybersecurity experts announced a massive hacker attack on a number of countries, including Russia. The targets of the group, which is supposedly backed by the American special services, were state institutions, military and scientific organizations, mobile operators and banks.[71]

US accuses Russia of hacking Democratic Party email

In June 2016, the US government announced that the computer network of the US Democratic National Committee was hacked twice: in the summer of 2015 and in April 2016. The attacks were carried out by the hacker groups Cozy Bear and Fancy Bear. The criminals gained access to the chats and mail of politicians of the democratic wing, and also found their dossier on the Republican presidential candidate Donald Trump.

Since the hackers showed no interest in the financial data of the Democrats, the purpose of the hack was defined not as enrichment, but as espionage. The United States considered Russia the most likely candidate for the role of cyber spy; Russia denied any involvement in the attacks. During the discussion, some Americans began to say that other countries should not be accused of cyber espionage when Washington is also constantly engaged in it.[72]

The DNC correspondence was published on July 23 on the WikiLeaks website. More than 19 thousand emails and more than 8 thousand documents from the official correspondence of key DNC functionaries (financial director Jordon Kaplan, communications director Louis Miranda and several others) from January 2015 to May 2016 were leaked.

US President Barack Obama, in an interview with NBC, did not rule out that Russian hackers could be involved in hacking the servers of the US Democratic Party and leaking the correspondence of the party leadership.

Press Secretary of the Russian President Dmitry Peskov responded to the accusations of the US Democrats by refuting any involvement of the Russian authorities or officials in hacker attacks.[73][74]

Hackers who hacked into the US Democratic Party could deliberately leave a "Russian mark." Representatives of American intelligence told Reuters about this. Experts on condition of anonymity said that hackers deliberately wanted to expose themselves as Russians, leaving Cyrillic characters in metadata and stopping activities on religious and public holidays in Russia.

Reuters sources in the American intelligence community explained why it is undesirable to accuse Russia of involvement in the latest hacker attacks. In their opinion, this could lead to a global confrontation with Moscow.[75] If the White House publicly accuses Russian intelligence agencies of hacking, then it will be required to disclose evidence of their involvement, which is based on information from top secret sources and top secret methods. The US response against Russia in cyberspace will lead, according to Reuters interlocutors from the intelligence community, to a rapid escalation of mutual countermeasures. They fear that in the worst case, Russian hackers will penetrate American energy systems, financial institutions and other significant infrastructure.

Russian President Vladimir Putin believes that the hacking of the National Committee of the Democratic Party of the United States and the subsequent publication of the stolen emails and documents brought undoubted benefits to society, but Russia has nothing to do with this.

"Does it matter who hacked? The main thing is the information provided to the society," the president said in an interview with Bloomberg reporters on September 2, 2016. "Do not divert public attention from the true problem, raising minor issues related to the search for those who did it. However, I repeat once again that I do not know anything about this, and at the state level Russia has nothing to do with it."

The head of the NSA called Russia the most dangerous country in cyberspace

In April 2016, the head of US Cyber Command (Cybercom), director of the National Security Agency and head of the Central Security Service, Admiral Michael Rogers, included Russia in the list of major threats in cyberspace. Moreover, in his report[76] (PDF), he mentioned it first. The report was submitted to the Senate Armed Services Committee, whose chairman, incidentally, is John McCain, who takes a hard line on Russia[77].

Michael Rogers called Russia the main threat in cyberspace

The report says that Russia, along with China, Iran and North Korea, is among the group of countries whose activities in cyberspace are "watched most closely" by the Rogers team.

The states that we watch most closely in cyberspace remain Russia, China, Iran, and North Korea. Russia has very capable cyber operators who can and do work with speed, precision, and stealth. Russia is also home to a substantial segment of the world's most sophisticated cyber criminals, who have found victims all over the world. We believe there is some overlap between the state-sponsored and criminal elements in cyberspace, which is of concern because Russian actions have posed challenges to the international order.
"In Russia there are quite powerful cyber forces that can act with high speed and accuracy, remaining in the shadows. Russia also has some of the most professional cyber fraudsters in the world, whose victims are around the world. We assume that there is a connection between hackers acting on behalf of the authorities and criminal elements in cyberspace. This is worrying because Russia's actions violate the world order," Rogers said.

Russia is forced to spend $250 million on cyber deterrence of the US

Russia plans to significantly increase its arsenal in cyberspace, as it believes that this is necessary to contain the United States, which has entered the arms race in this area, according to SC Magazine UK[78].

Thus, Russia intends to follow a doctrine similar to nuclear deterrence. It holds that weapons are created not for offense, but to deter the enemy from using the same weapons.

Every year, the Russian authorities plan to spend $200-250 million on the creation of cyber weapons, a source close to the Russian Ministry of Defense told SC Magazine UK. Some of these funds will be used to develop malicious computer programs that can harm enemy control points and critical infrastructure elements, including banking systems, power plants and airfields.

A representative of the FSB of Russia, speaking on condition of anonymity, told SC Magazine UK that the formation of a deterrent system in cyberspace is a response to similar measures announced by the United States in early 2015. He added that Russia is among the countries that seek the means to prevent conflicts in cyberspace.

2015

Kaspersky Lab report on the Equation Group hacker group

At the SAS conference, the Russian antivirus company Kaspersky Lab presented a report on the most advanced and organized hacker group ever identified. The tools of this group that Kaspersky studied were distinguished by an unusual implementation of cryptographic functions, which is why the group was named Equation Group[79].

Having examined, as far as possible, the infrastructure of Equation's command servers, Kaspersky specialists drew attention to the registration dates of the domains leading to these servers. Among them were 2001 and even 1996. Judging by the number of domains registered in different years, serious research work in the field of cyber weapons began in the mid-nineties, and in 2001 the Equation Group began active operations, hacking private and public systems.

A year after the Kaspersky report, a hacker group calling itself Shadow Brokers managed to steal and publish the full set of tools used by Equation. Their names turned out to be familiar to cybersecurity specialists. All of them were in the NSA tool catalog, which had been published a few years earlier by NSA fugitive Edward Snowden. Taken together, Kaspersky's research and the subsequent leaks allowed Equation to be attributed to the NSA division that was then called Tailored Access Operations and is now called Computer Network Operations.

The tools and tactics used by Equation astonish specialists: its cyber weapons exploited vulnerabilities that became known to the cyber community only years later. Undocumented software and hardware capabilities known only to manufacturers were used to develop the tools. It seems that a number of vulnerabilities were deliberately planted by manufacturers at the request of American state organizations. The Kaspersky report estimated the scale of the group's activities: 2 thousand infections per month, with the cyber operations themselves directed against thirty countries.

"Pro-Russian hackers" attacked the NATO country and the American information security organization with a rare vulnerability - Trend Micro

Experts recorded the first attack in two years carried out using a vulnerability in Java. It is assumed that pro-Russian hackers are behind it[80][81].

Analysts from the antivirus company Trend Micro recorded a cyber attack on a NATO member country and on an American organization specializing in national security. The vendor announced this in the summer of 2015.

The attack is notable for the fact that the hackers exploited a previously unknown (zero-day) vulnerability in the Java runtime to carry it out. It allowed victims' computers to be compromised by sending malicious emails. Experts stressed that this was the first time in two years (since 2013) that attackers had used a zero-day vulnerability in Java.

2014

Allegations that Russia attacked US companies handling classified data

Researchers at the California cybersecurity company FireEye tried to find out who had broken into the corporate network of an American company, which stored secret military data, in the summer of 2014[82].

They found that the local network had been penetrated by a virus capable of infecting computers that are not even connected to the Internet, as well as of hiding from detection.

The program, called Sofacy, was created using the Russian language, and the development itself took place during working hours Moscow time. The researchers concluded that in this case the spyware was sponsored by a state, and that the state in question is Russia.

FireEye analysts note that they were surprised when this company approached them: despite the fact that it had lost confidential data, the hack was clearly not carried out by hackers from China.

The tools used for hacking were reliably protected: they encrypted the stolen data so that it resembled traffic from the victim's email. According to FireEye, the group that developed them has been active since at least 2007 and regularly updates its programs.

Artem Baranov, a leading virus analyst at ESET Russia, told Gazeta.Ru that the data cited by FireEye is consistent with the observations of ESET analysts and other antivirus companies. In particular, this concerns the attacks on Georgian users in August 2008, during the conflict between Russia and Georgia. These attacks used the BlackEnergy malware, which is of Russian origin and was written by a Russian author. Its distribution mechanism is similar to that described by FireEye in its report.

As for the countries of Eastern Europe, our research laboratory has already published information about the involvement of the BlackEnergy bot in attacks on these countries.

Computers with confidential information are often disconnected from the Internet to protect against leaks, but flash drives were used to transfer data to them. It was through them that Sofacy was able to get to secure computers.

The authors of the code regularly made changes to it from 8 am to 6 pm Moscow time, which leads researchers to believe that the program was written in an office. Most of the computers used by the hackers used the Russian language.

In addition to FireEye, other cyber defense companies had previously published three more reports on Russia's connection with a complex hacker attack in 2007. The targets of the attack included NATO, the governments of countries neighboring Russia, and Science Applications and Academi LLC, which collaborate with the US Department of Defense.

From these studies, American experts conclude: Russia has a team of high-class hackers with which the country spies on other states.

US Director of National Intelligence John Clapper noted that if we talk about cyber attacks, Russia worries him more than China.

In addition, it is difficult to distinguish Russian criminal hackers from hackers working for the state, since both use tools developed by criminal hacker groups as well as tools developed by the state, Clapper added. Thus, the United States has not yet been able to find out who exactly was behind the leak of data on the secret military system in 2008.

Russia's cyber espionage allegations

In early 2014, the American cyber defense company CrowdStrike accused Russia of large-scale espionage against Western and Asian companies, according to a CrowdStrike report. CrowdStrike said it had evidence of Russian government-orchestrated espionage against U.S., European and Asian energy and health care companies and government agencies. Russia's goal is to strengthen its economic position in key industries, said Dmitri Alperovitch, CTO of CrowdStrike[83].

The group of Russian hackers whose activities CrowdStrike followed for two years, in 2012-2013, is called Energetic Bear. According to the company, the hackers injected malware through popular document readers such as Adobe Reader. The company believes that the group acted in the interests of certain Russian structures, possibly with the support of Russian government organizations, as indicated by technical indicators as well as by an analysis of the espionage targets and the stolen data. According to CrowdStrike, all the targets of the Energetic Bear group's attacks were outside the Russian Federation: most of them (about 25%) in the United States, more than 25% in the EU countries, about 12% in Japan, etc., in a total of 23 countries.

CrowdStrike's annual report on cyber threats also mentions hackers from China and Iran and the Syrian Electronic Army. CrowdStrike previously accused the Chinese authorities of espionage in 2005, but China actively denied the accusations.

2012: Plan for the creation of cyber command in the Armed Forces of Russia

In March 2012, reports circulated that a Cyber Command may appear in the Russian Armed Forces. There is still little information on this initiative. It is possible that the new structure, if created, will, among other things, protect strategically important facilities from cyber threats and pursue the country's state interests in cyberspace. The question of creating such a structure in Russia is also interesting from the point of view of developing private-public partnership, for example, outsourcing some specific tasks.

It is not yet known what tasks the new unit in the structure of the Russian army will handle, to whom it will report, and so on, although this topic has been raised at different levels for a long time. The day before, according to media reports, Deputy Prime Minister Dmitry Rogozin mentioned existing plans during a meeting with military scientists, saying that the issue of forming a cyber command is currently being discussed.

In the Russian armed forces today, some of these tasks are handled by an existing branch, the electronic warfare troops, which are responsible, among other things, for protecting the control systems of troops and weapons from enemy attacks, as well as for disrupting the operation of the enemy's strategic troop control systems. More and more electronic equipment is now appearing in the Russian army: communications, information processing, and military equipment proper with electronic "stuffing" (for example, unmanned aerial vehicles). In the current realities, even a simple loss of communication can be very critical, and the leak or distortion of information is even more severe.

As for such structures elsewhere in the world, judging by official data, the existing cyber divisions in the armed forces of various countries can be called quite young. For example, in the USA, the DARPA (Defense Advanced Research Projects Agency) cyber command was officially created in 2009 to counter hackers. There are similar structures in Israel, Great Britain and other countries. On the other hand, it is obvious that special groups responsible for information protection and sabotage in cyberspace existed before.

The practice of private-public partnership in the field of information security is quite developed around the world: from bringing in individual specialists from well-known companies to using the resources of entire companies to solve specific problems. This is all the more so where the interests of the state and private companies intersect in some areas. It is no secret that Russian information security companies are among the leading players.

2011: US intelligence: Russia uses computers to steal technology data from US companies

The Cold War is long over, but the USA does not cease to see Russia as an aggressor: this time the American government is seriously afraid of cyber threats emanating from the post-Soviet space.

Aggressively conducting cyber espionage around the world, the United States fears retaliation from China, Russia and other countries. They believe that such attacks could be aimed at collecting strategic information about pharmaceutical and industrial enterprises. This is stated in the official report of the US National Counterintelligence Executive (Office of the National Counterintelligence Executive). It also provides recommendations to strengthen the protection of corporate information networks.

"Figures from China are the most active participants in economic espionage, moreover, their conscience bears the greatest burden of guilt," the report said. The following is said about Russia: "Russian intelligence officers conduct a number of events to collect information, including about technologies, in the United States."

The times of the Cold War have long passed, but the United States never ceases to see in modern Russia an aggressor and fears cyber war

Information on smartphones and laptops is also an attractive target for cyber spies. Cryptographic tools, tiered authentication and real-time network monitoring should help protect these devices.

Thus, the report cites as a negative example the case of Dongfan Chung, an engineer at Rockwell and Boeing, who worked on the creation of the B-1 bomber and kept about 250,000 documents on the project at home.

In November 2011, "Russian hackers" were accused, without evidence, of an attack that disabled a water pump at a water supply station near Springfield in the United States, serving about 2,000 residents in rural areas.

American experts consider this incident the first of its kind: a successful cyber attack by foreign hackers on an industrial facility in the United States.

1982: CIA blasts Soviet gas pipeline

CIA officers introduced a bug into Canadian software that managed gas pipelines. Soviet intelligence obtained this software through industrial espionage and deployed it on the Trans-Siberian pipeline. The result was the largest non-nuclear explosion in human history, which occurred in 1982.

Notes

  1. Justice Department Disrupts Russian Intelligence Spear-Phishing Efforts
  2. US calls on Big Tech to help evade online censors in Russia, Iran
  3. Since the beginning of 2022, the FSB of Russia has recorded more than five thousand hacker attacks on the critical infrastructure of the Russian Federation
  4. The Foreign Ministry told how much money the United States will spend on cyber attacks in 2023
  5. Russian-speaking hackers knock multiple US airport websites offline. No impact on operations reported
  6. Exclusive: U.S. targets Russia with tech to evade censorship of Ukraine news
  7. The White House admitted that the United States is conducting cyber operations against Russia
  8. https://mid.ru/ru/foreign_policy/news/1806906/ Statement
  9. the Russian Foreign Ministry in connection with the ongoing cyber aggression by the "collective West"
  10. https://www.securitylab.ru/news/530198.php US intelligence agencies proposed to President Joe Biden to use cyber weapons against Russia
  11. unprecedented scale
  12. Cybersecurity Advisory.
  13. Vulnerability Database (NVD).
  14. Mitigating Russian state-sponsored cyber threats to US critical infrastructure
  15. US government authorities organizations to prepare for Russian-sponsored cyber threats
  16. of NCSC joins US partners to promote understanding and mitigation of Russian state-sponsored cyber threats
  17. https://www.securitylab.ru/news/525373.php Microsoft
  18. 58% of cyber attacks that occurred in a year came from Russia
  19. https://www.securitylab.ru/news/522020.php Washington believes
  20. Moscow is responsible for the actions of all hackers in Russia
  21. Peskov urged Microsoft to explain Russia's accusations of cyber attacks
  22. Russia is the main threat in cyberspace
  23. Russian hackers hunted American cyber rapid response services.
  24. https://www.securitylab.ru/news/517521.php US authorities did not find evidence of the influence of Russian hackers
  25. the presidential election
  26. by the Foreign Interference Targeting Election Infrastructure or Political Organization, Campaign, or Candidate Infrastructure Related to the 2020 US Federal Elections of the
  27. Department of
  28. United States and new sanctions against Russia
  29. Microsoft openly accused the Russian Federation of attacks on US federal departments
  30. https://www.securitylab.ru/news/514856.php Most cyber attacks on objects in the Russian Federation are carried out from the United States
  31. The US Secretary of State accused Russia of "complete disregard for public safety."
  32. https://www.securitylab.ru/news/512900.php Cohen. American special forces
  33. preparing for a cyber war with Russia and China
  34. Microsoft report shows increasing sophistication of cyber threats
  35. https://www.securitylab.ru/news/503721.php United States is developing information warfare tactics against the
  36. Federation
  37. Exclusive: Russia carried out a 'stunning' breach of FBI communications system, escalating the spy game on U.S. soil
  38. Google, Facebook respond to election meddling allegations
  39. The Americans admitted to cyber attacks on Russian infrastructure
  40. We are taking new steps against broadening threats to democracy
  41. The US NSA has created a cyber unit to fight Russia.
  42. the United States officially accused the Russian Federation of cyber attacks at the Russian
  43. Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors power plant.
  44. the White House was preparing a large-scale cyber attack on Russia
  45. http://www.vestifinance.ru/articles/94062 Google wants to filter "Russian propaganda"
  46. The head of the CIA accused the Russian Federation and WikiLeaks of destabilizing Western democracy
  47. Trump says discussed forming cyber security unit with Putin
  48. by The Washington Post: the United States has developed a secret cyber weapon to respond to hacker attacks from Russia
  49. Obama's secret struggle to punish Russia for Putin's election assault
  50. Justice Dept. charges four Russia-backed hackers over Yahoo breach
  51. US indictments over Yahoo hacks
  52. Putin accused of direct involvement in hacker attacks in the United States
  53. https://meduza.io/news/2017/01/07/amerikanskaya-razvedka-putin-lichno-prikazal-nachat-hakerskie-ataki-v-ssha American intelligence: Putin personally ordered the start
  54. hacker attacks in the United States
  55. American intelligence: Putin personally ordered the start of hacker attacks in the United States
  56. US intelligence considered Russia a major threat in cyberspace
  57. of the United States imposed new sanctions against Russia in connection with cyber attacks The Department of Homeland
  58. Security and
  59. US Federal Bureau of Investigation published a joint report on cyber attacks, which, according to the departments, were organized by Russian intelligence and directed against American governmental and private institutions. The text of the report is available on the website of the US Computer Emergency Readiness Team, a division of the national cybersecurity directorate of the Department of Homeland Security. According to the report, the attacks targeted critical infrastructure, government agencies, political organizations, scientific institutes and universities and corporations; their purpose was to steal data.
  60. http://www.rbc.ru/politics/06/01/2017/586effe89a79474dd34eaab9?from=main of
  61. the media revealed the details of the report on "Russian interference" in the US election
  62. ThreatConnect Identifies Infrastructure Nexus Between Attacks Against State Election Boards and Spearphishing Campaign Against Turkish, Ukrainian Governments
  63. 6 out of 8 IP addresses used by the Russian company hosting attacks.
  64. http://edition.cnn.com/2016/08/23/politics/russia-hack-new-york-times-fbi/index.html First on CNN
  65. FBI investigating Russian hack of New York Times reporters, others
  66. http://www.rbc.ru/politics/23/08/2016/57bc97299a79478cc326c0c3 FBI
  67. launched an investigation
  68. attacks by "hackers from Russia" on American media
  69. Hackers attacked the Moscow bureau of The New York Times
  70. Yarovaya Committee accused the United States of cyber attacks on government agencies.
  71. Symantec and Kaspersky: American state hackers attack Russia
  72. RBC: Russia is accused of hacking Democratic mail
  73. https://life.ru/t/%D0%BD%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8/882194/pieskov_oproviergh_prichastnost_rf_ko_vzlomu_pochty_klinton Peskov denied the involvement
  74. Russian Federation in hacking Clinton's mail
  75. American intelligence officers considered it unprofitable to accuse Russia of hacking
  76. report STATEMENT OF ADMIRAL MICHAEL S. ROGERS COMMANDER UNITED STATES CYBER COMMAND BEFORE THE SENATE ARMED SERVICES COMMITTEE 5 APRIL 2016
  77. The head of the NSA called Russia the most dangerous country in cyberspace
  78. CNews: Russia will spend $250 million on US cyber support
  79. Who furnished the general? - Russia in global politics
  80. http://safe.cnews.ru/top/2015/07/13/prorossiyskie_hakery_atakovali_nato_s_pomoshhyu_redkoy_uyazvimosti_597467 CNews
  81. "Pro-Russian hackers" attacked NATO with a rare vulnerability
  82. Russian hackers scared America.
  83. Russia was accused of large-scale cyber espionage