Exclusive: FBI Braces for Russian Cyber Attacks in US as Ukraine Tensions Rise

An FBI report obtained by Newsweek has called on the U.S. private sector to be prepared for potential state-sponsored cyber attacks to be launched by Russia as tensions over Ukraine threaten to spill into an all-out conflict in Eastern Europe.

The Liaison Information Report (LIR) was dated February 20 and attributed to the FBI Office of Private Sector.

"The FBI Cyber Division, in coordination with the FBI's Office of Private Sector (OPS), prepared this LIR to inform the private sector about the threat of Russian state-sponsored advanced persistent threat (APT) cyber activities, while tensions with Russia are heightened," the report said.

"The FBI is engaging in efforts to support the U.S. response and to secure the Homeland from any Russian actions; historically, Russian state-sponsored APT cyber activities increase when tensions are high with Russia," the report added.

The report directly mentioned the deteriorating security situation on Ukraine's border in connection with the potential cyber threat.

"Due to the increased threat of Russian military action, the security situation in Ukraine could deteriorate with little notice," the report said. "The United States, along with its Allies and partners, has underscored its readiness to impose significant costs on Russia if it takes further military action against Ukraine, potentially further increasing the volume/severity of Russian APT cyber activities."

The FBI report said such Russian APT actors "have used spear phishing and brute force cyber network attacks (CNA), while exploiting known vulnerabilities against accounts and networks with weak security."

"Russian APT actors have targeted a variety of U.S. and international critical infrastructure, including entities in the Defense Industrial Base, Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors," the report said. "Finally, Russian malign influence actors have and continue to use social media accounts, overt and covert media connections, and message amplification to articulate narratives designed to exclude or isolate groups from one another."

Exercise support staff launch scenario injects for a training scenario as part of exercise TACET VENARI, held at the U.S. Air Forces in Europe Regional Training Center, Ramstein Air Base, Germany, March 8, 2019. Master Sergeant Renae Pittman/U.S. Air Force

A U.S. cyber warfare officer, who also wished to remain anonymous, confirmed to Newsweek the heightened threat of Russian cyber attacks against U.S. companies, especially those dealing with the Pentagon or Ukrainian government entities, in the potential lead-up to a war between Ukraine and Russia.

"Russia has targeted clear defense contractors — private companies that support the U.S. military," the U.S. cyber warfare officer said. "So this is a normal tactic and we would expect this to be no different in the pre-hostilities for Ukraine. Specifically, any U.S. contractors who are supporting Ukraine's government and military."

The potential strategy behind such an operation was explained to Newsweek by Brian Harrell, former Assistant Secretary for Infrastructure Protection at the Department of Homeland Security.

"Attacks on critical infrastructure are designed to destabilize a country, promote a lack confidence in a country's leadership, and they threaten the well-being of all its citizens. Russia would absolutely do this as part of their attack playbook," Harrell said.

He pointed to a series of warnings to Moscow broadcast by President Joe Biden and other top officials of retaliatory measures if Russia was determined to have engaged in cyber warfare against the U.S.

"The Biden Administration has rightly warned that this activity will not be tolerated. More importantly, the private sector has been monitoring the situation for weeks now in anticipation of a possible cyber attack," Harrell added. "The collective defense being showed between Government and the Private Sector is impressive and I've never seen info sharing this timely."

But he warned that Moscow still held a considerable range of cyber weaponry capable of being unleashed against Ukraine.

"Russia maintains a range of offensive cyber tools that it could deploy against Ukrainian networks — from low-level denials of service to destructive attacks targeting critical infrastructure," Harrell said.

On Friday, the White House publicly blamed the Kremlin for a series of cyber attacks that have crippled Ukrainian state institutions including political, military and banking sectors.

Asked Sunday about the potential threat of such cyber attacks hitting the U.S., Secretary of State Antony Blinken also referred to such tactics as part of Russia's "playbook" in an interview with NBC News.

"And we've been engaged for many months now, first of all in helping Ukraine itself bolster its cyber defenses, and of course very much focused on doing the same for ourselves in anticipation of the possibility that Russia would engage in cyber attacks in response to us standing up to their aggression," Blinken said. "This is a very, very dangerous game. We're, as I said, strengthening our own defenses."

The top U.S. diplomat noted that cybersecurity was a major topic of discussion when Biden held his first summit with Russian President Vladimir Putin last June in Geneva. That meeting came in the wake of a series of ransomware attacks conducted by Russia-based or Russian-speaking groups that paralyzed the Colonial gas pipeline and facilities of Brazil-based JBS meatpacking company in Australia, Canada and the U.S., among other industries.

The FBI report obtained by Newsweek also said that Russian APT actors "targeted and successfully compromised state, local, tribal, and territorial (SLTT) governments and aviation networks, September 2020 through at least December 2020."

"Russian-tied APT actors, using specifically crafted spear phishing emails, target current and former USG-affiliated individuals through personal email accounts," the report added. "The emails contain a malicious link that directs to a website that prompts the reader to enter their login credentials."

Biden assigned blame to Russia for the sweeping SolarWinds hack that led to a potentially months-long infiltration of software used by scores of federal agencies and leading companies in the U.S. and around the world. The U.S. leader issued sanctions against a number of Russian financial institutions, technology companies and individuals in response, and Blinken said he sought to reason with his Russian counterpart on the issue during their face-to-face encounter last year.

"The President was conveying to President Putin how seriously we take this and the need for Russia to do something about it because those engaged in the attacks were doing it from Russian soil," Blinken said. "And he noted to President Putin that if he were in President Putin's shoes with this large oil and gas infrastructure, he knows how difficult it would be for President Putin, if something were to happen to that infrastructure."

But Putin and his officials have repeatedly denied engaging in state-sponsored cyber attacks against the U.S. and have instead blamed Washington and its allies for conducting disruptive cyber activities against Russia and other nations.

This denial was reiterated Friday after the White House deputy national security adviser for cyber and emerging technology Anne Neuberger held Russia responsible for the cyber attacks against Ukraine, with Moscow's embassy in Washington calling the claim "purely anti-Russian."

"We categorically reject the groundless claims of the US administration and we state that Russia has no relation to the mentioned events, and has never carried out any 'malignant' operations in cyberspace," the embassy said in a statement on Twitter.

Russian officials have also continued to deny that any invasion of Ukraine was being planned, even as U.S. officials accused Moscow of bolstering troop positions along Ukraine's border with Russia as well as in Belarus and Crimea. Russia annexed Crimea, a Black Sea peninsula, in 2014 after an internationally disputed referendum, as unrest in Ukraine first erupted with a popular uprising that brought to power a pro-West government in Kyiv and sparked a pro-Moscow separatist insurgency in the eastern Donbas region.

As mysterious blasts erupted in the self-proclaimed Donetsk People's Republic and clashes between Ukrainian troops and rebels broke out, Biden said he was "convinced" that Putin had already decided to attack the neighboring country, citing U.S. intelligence, but said he still felt "diplomacy was always a possibility."

As the U.S. president scheduled a meeting with his National Security Council on Sunday, Russian ambassador to the U.S. Anatoly Antonov told CBS News that "there is no invasion and there are no such plans."