This is part five of a series, ‘Lessons from the first cyberattacks.’ See part one, part two, part three and part four.
Russia began expanding its targeting of American states after initially becoming aware of cyberattacks against Ukraine and Georgia, especially after Putin’s second invasion of Ukraine in 2014. According to former US ambassador to Russia Mike McFaul, Russia wanted to foster instability in Western governments and undermine the legitimacy of political processes.
Following the unlawful annexation of Crimea, Russia engaged in smaller-level distributed denial-of-service (DDoS) attacks to take out websites. Yet it would grow sharper in its attacks against the West. In 2015, German researchers found that hackers had safely breached the computer system of the Bundestag, the European legislature.
Due to the significance of the targeted institution, from which Germany believed Russia wanted to steal information to stymie its democratic elections, it was thought to be the most important cyberattack in European history. The Christian Democratic Union (CDU), the political party that was then led by Chancellor Angela Merkel, was targeted in a cyberattack in 2016.
The intruders targeted the CDU in an effort to get access to sensitive information. The main goal was to obtain party members’ account names and passwords in order to gain access to internal communications and potentially sensitive data. The attack was not effective. However, it continued to demonstrate to Russia that it was capable of engaging in cyberwar against the West without fear of retribution.
The UK has been the target of a number of Russian attacks aimed at different industries. The UK has been one of Ukraine’s strongest Western sponsors since Russia’s first war in 2014. The Federal Security Service (FSB) organized one of the most significant cyberattacks attributed to Russia.
The UK authorities have linked the FSB’s Center 18 and its Star Blizzard group to persistent attempts to influence British politics. This included hacking of UK-US business documents before the 2019 general election, hacking of think tanks, and breaches of civil society organizations. Parliamentarians from a variety of political parties were spear-phished from 2015 onward. The attacks sought to leak key documents and undermine confidence in UK politics and political processes.
Russian hackers targeted West-based oil and gas companies in an industrial sabotage campaign in 2014.
Since Russia’s invasion of Ukraine, the US has been the victim of significant cybercrime. The most famous event occurred in 2016 when Russian hackers hacked into the Democratic National Committee and emailed WikiLeaks sensitive information.
With the NotPetya assault, which immediately targeted Ukraine but left significant collateral damage to US and other American companies, Russian digital operations had a global reach in 2017. The White House press secretary’s office reported that the attack was connected to Russia’s plan to destabilize Ukraine.
Tariq Ahmad, UK Minister for Cybersecurity at the Foreign Office, described the attack as “reckless”, emphasizing its blatant disrespect for Ukrainian sovereignty. He made a point of highlighting the devastating financial consequences of the attack, noting that it cost European organizations hundreds of millions of pounds.
NotPetya showed that even though Ukraine is the epicenter for Russia’s cyber aggression, the impact of this cyber war is global. Allies will be defended by assisting Ukraine in its cyberspace defenses. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued a joint government alert in 2018 as the US energy grid and other crucial infrastructure sectors were targeted by Russian government hackers.
Additionally, the hackers targeted vendors and smaller businesses with weaker defenses, using methods like spear phishing as a launching pad to install malware on more significant networks.
Once inside, the hackers learned how the computer systems worked and how power plants operated and transmitted information. The hack’s aim was to show how strong Russian cyberpower is and how it can hack crucial US infrastructure.
Russia would only grow bolder with its cyberattacks if there was no strong response to deter future attacks, despite the fact that hacking critical infrastructure in the West was thought to be crossing red lines.
The SolarWinds hack, which enabled Russian hackers to access numerous businesses and US government agencies through hacked IT management software, was discovered in 2020 as part of a sophisticated espionage plot. While the company distributed software updates embedded with the hackers’ code to its clients around the world, the SolarWinds cyberattack remained unnoticed for several months.
Hackers gained access to a number of US government networks, including those run by the Treasury Department and the Department of Homeland Security. Following the attack, the US government imposed sanctions on Russia. According to Alex Stamos, director of the Internet Observatory at Stanford University, Russia had carried out “one of the most successful cyber-espionage campaigns of all time” through a routine software update.
In the wake of the SolarWinds breach, US and European governments began to grapple with the uncertainty surrounding cyber red lines. In response to the attack, Marcus Willett, a former senior cyber advisor to Britain’s digital intelligence agency GCHQ, cautioned the US to be reserved in its response to Russia’s “surgical” espionage campaign.
Russian threat actors have long benefited from the lack of clarity in their cyber security policies and have continued to make use of it.
A Russian criminal organization attacked Colonial Pipeline in May 2021, which had an impact on the pipeline’s IT systems.
The attack was so devastating that it caused long lines at gas stations and jet fuel shortages for airlines. The government warned people to use only containers made for fuel rather than filling plastic bags in a rush. A state of emergency was declared by several US states.
Supply chain attacks, such as the Colonial Pipeline incident, often exploit vulnerabilities in a component within an organization’s network. Even for large organizations, it can be challenging to track down all application components and potential software flaws.
In response, the Biden Administration issued an executive order to US agencies in May 2021 requiring them to enhance their cybersecurity, including adopting software bills of materials (SBOMs). SBOMs assist in identifying and updating software components, thus enabling quicker responses to vulnerabilities, and assist buyers in assessing product risks.
A month later, JBS Foods, a major meat processing company, fell victim to a ransomware attack by a Russia-based group, forcing all nine of its beef plants to close temporarily. Additionally, the US company’s poultry and pork processing plants were affected by the attack. The shutdown had a significant impact on the supply chain and raised concerns about potential shortages and price increases in the US meat supply.
Russia was given the all-clear when the White House claimed it was “considering all options regarding how to react” in the aftermath of the attack.
Russia continued to launch bold cyberattacks, which were never followed by a strong Western response.
NEXT: Cyber warfare following Russia’s full-scale invasion of Ukraine (2022 – present)
David Kirichenko is a Ukrainian-American security engineer and freelance journalist. Since Russia’s full-scale invasion of Ukraine in 2022 he has taken a civilian activist role.
These articles are excerpted, with kind permission, from a report he presented at the UK Parliament on February 20 on behalf of the Henry Jackson Society.