Russia tests US red lines on cyber attacks

Russia tests US red lines on cyber attacks

Sunday's ransomware attack on Kaseya and its customers and the alleged hacking of Russian security hackers on Republican Party servers constitute a serious test of the US-designated red lines during the June US-Russian summit in Geneva, the New York Times wrote on Wednesday.

The journal notes that both attacks, the first of which may have been the largest ransomware attack in history, occurred at roughly the same time, and in both cases, a shadow of suspicion falls on hackers from Russia.

Cybercriminals from the Russian REvil group are said to be behind the attempt to extort a ransom from Kaseya and its customers, but experts say the attack was to be exceptionally technically advanced for a criminal group.

Meanwhile, according to reports by Bloomberg, a hacker group called CozyBear from the Russian Foreign Intelligence Service (SWR) was supposed to be behind the attempt to hack into the systems of the National Committee of the Republican Party - the same that broke into the Democratic Party's servers in 2016 and attacked Solarwinds and its customers. However, the details of the latest attack are not fully known; Republican IT service provider Synnex is known to have been attacked. At the same time, the GOP itself stated that there was no evidence that burglars had gained access to its data.

"The new attacks seem to cross many lines that (President Joe) Biden was no longer expected to tolerate," writes the daily.

The "NYT" points out that on Saturday, the day before the attacks, Russian President Vladimir Putin gave a speech on a new national security strategy. The document includes, inter alia, stating that "traditional spiritual-moral and cultural-historical values ​​are being attacked by the US and its allies" and it is envisaged to take "symmetrical and asymmetrical measures" to defend against "hostile actions" by foreign states.

According to CSIS think tank cybersecurity expert James Lewis, these things were related. "Biden did well to set the boundaries, but when you're a thug, the first thing you do is a test that boundary. That's what we see," said the expert.

The "NYT" reminds us that the US president announced a strong response in the event of crossing the red lines, suggesting the possibility of offensive actions in cyberspace. However, US responses to Russian cyberattacks have so far been cautious for fear of the risk of an escalation in cyber warfare, to which U.S. infrastructure is particularly vulnerable.

Cited by the NYT, University of Texas security expert Bobby Chesney believes a lot depends on the details of the attack on the Republicans and whether "it was a blindly two-shot shot or an accurately measured shot at a target from foreign intelligence." In his opinion, in the case of the former option, it would exceed the defined limits, while the latter may be considered a standard intelligence-gathering operation.

So far, the White House has not responded to this second attack. Speaking of the ransomware attack, President Biden said Tuesday that preliminary reports indicated that the damage to US companies was "minimal". His spokeswoman Jen Psaki also pointed to Kaseya's assessment that the attack did not affect critical infrastructure. She also emphasized that the USA took the matter seriously and reserved the right to an appropriate reply. She added that regardless of whether or not the Russian authorities were involved in the attack against Kaseya, they were ultimately responsible.

Biden himself stressed on Tuesday, without giving details, that the United States has considerable potential for retaliation in cyberspace.

From Washington, Oskar Górzyński (PAP)

Read also