
Russia may use SolarWinds-like hacks in cyberwar over Ukraine


Cyberwar over Ukraine could see Russia use footholds into companies gained through the SolarWinds breach and other supply chain cyberattacks.
Stiff sanctions against Russia and Vladimir Putin over Ukraine mean a wave of cyberattacks may be headed for the U.S. and other western nations as retaliation, cyber experts say, as part of what could become an escalating “cyberwar.” Security teams, of course, are perpetually on guard for Russian attacks — but the threat this time could be especially difficult to see coming, experts told VentureBeat. That’s because Russia is believed to have been saving up some of its best options for a moment like this one.

Russian threat actors are widely believed to have gained footholds into corporate and government systems — via SolarWinds-like software supply chain breaches, the Log4j vulnerability, or even the SolarWinds hack itself — which just haven’t come to light yet. But they might soon.

Cyber experts are warning of an increased risk of cyberattacks from Russia, following sanctions that booted major Russian banks from the SWIFT financial system. The move essentially prevents the Russian banks from carrying out international transactions, and followed other rounds of sanctions over Russia’s invasion of Ukraine, including some that have hit Putin himself. The SWIFT sanctions had previously been described as the “nuclear option,” and are exactly the sort of thing that Putin had vowed to retaliate against. And cyberattacks are his preferred method for hitting back against the west.

In assessing the size and scope of Russia’s military campaign in Ukraine, “this attack has been in the planning for years,” said Eric Byres, CTO of cyber firm aDolus Technology. “Efforts to prepare their cyber campaign will have matched the efforts on the ground, so you know that Russia will have cyberattack resources that match their military ones.”

Russian threat actors — whether in government agencies such as the GRU and SVR, or in sympathetic groups such as Conti — have almost certainly compromised software supply chains that we don’t know about yet, according to cyber experts. And in any cyberwar maneuvers targeting the west, they might opt to use this access. “I’m willing to bet that the Russians haven’t used even a fraction of the bullets in their cyber arsenal,” Byres said in an email.

Uncovered in December 2020, the attack on SolarWinds and customers of its Orion network monitoring platform has been linked to the Russian intelligence agency SVR. The attackers managed to breach the software supply chain and insert malicious code into the application, which was then distributed as an update to thousands of customers. As a result, the attackers are believed to have gained access for as much as nine months to numerous companies and government agencies, including FireEye, Microsoft and the Departments of Defense, State and Treasury.

Notably, however, SolarWinds was not the first major software supply chain attack attributed to Russia, or even the most damaging. The 2017 NotPetya attack is believed to have originated through a compromise of an accounting application, MeDoc, which was made by a Ukrainian company and widely used in the country.
