US Puts Big Bounty Bullseye on Russian Hackers
What do big bounties mean for the ongoing battle against nation-states cyberactivity, and how can leaders mitigate the risk of their enterprises becoming victims?
As cyberattacks continue to stir turmoil in geopolitical conflicts around the world, the United States has amped up the volume in calling out criminal cyberactivity suspected to originate in Russia. It has now indicted six Russian hackers involved in the series of cyberattacks collectively known as “WhisperGate.”
In addition to the indictment, the government offered a $10 million reward per hacker through the US Department of State’s Rewards for Justice Program.
What do multimillion-dollar bounties mean for the ongoing battle against cyberactivity sponsored by nation-states, and how can leaders mitigate the risk of their enterprises becoming victims of these attacks?
The Russian Hackers
Five of the indicted hackers are officers of Russia’s Main Intelligence Directorate (GRU), while the sixth is a civilian. They are charged with “conspiracy to commit computer intrusion and wire fraud conspiracy” for actions taken as part of the GRU’s WhisperGate campaign.
A civilian’s involvement points to a growing trend of collaboration between nation-state actors and criminal enterprises. “This continued merger [and] sharing of capabilities and tactics between criminal enterprises and nation-states … becomes a force multiplier for the nation-state actors,” says Michael McPherson, senior vice president of security operations at cybersecurity company ReliaQuest.
WhisperGate, launched in 2022, targeted Ukrainian critical infrastructure as well as computer systems in the US and 25 other NATO countries, according to the US Department of Justice. The cyberattacks preceded Russia’s invasion of Ukraine. US Cyber Command and several companies, including Amazon, Google, and Microsoft, countered the cyberattacks, according to The New York Times.
Two years later, the indictment names the hackers. Why now? The hackers are unlikely to be caught and stand trial for the charges laid out in the indictment. Russia will not extradite them; they would have to be apprehended in a country that has an extradition treaty with the US.
“The timing of the release of the indictment seems to try to act as a warning against potential election interference rather than prosecuting criminals for the damages or attacks against Ukraine in this specific instance,” Yashin Manraj, CEO at Pvotal Technologies, provider of a platform engineering hub, tells InformationWeek in an email interview.
While arrests are unlikely, the naming of the Russian hackers could also send a message about the US government’s insight into GRU intelligence operations.
Big Bounties
Offering a potential reward of $60 million in total, up to $10 million for information on the whereabouts or cyberactivity of each indicted hacker, is an attention-grabbing tactic. Earlier this year, the US State Department announced a $2.5 million reward for information leading to the arrest of a Belarusian hacker.
These hefty rewards seem to signal the gravity with which the federal government treats ongoing cyberthreats.
“You could interpret [it] as the government saying, ‘We are prepared to invest what it takes to combat this at … the state level.' You could also potentially interpret it as [them] saying, ‘We don't have the resources ourselves to do it. And therefore, let's see, can the wider community potentially help?’” says John Price, founder and CEO of cybersecurity company SubRosa.
Financial motivation can be a powerful tool in the fight against cyberattacks. It could deter other would-be cybercriminals from getting into the game, and it could lead to cybercriminals leaking information on one another.
These big bounties could also potentially backfire, Manraj warns. “Unfortunately, the fame or infamy reached by these indictments will increase the interest of many state-sponsored actors to ramp up attacks in an effort to reach the same status as these five,” he says.
Ongoing Nation-State Cyber Activity
Nation-state cyber activity from Russia, as well as countries such as China, Iran, and North Korea, will persist. With the US presidential election just around the corner, those efforts could become increasingly aggressive.
“A lot of people think that … adversaries are trying to pick winners and losers. That's not necessarily the case. The case is more that they want to sow doubt and mistrust within the public,” says McPherson. “The more we're divided, the more powerful our enemy is.”
On Sept. 4, the Department of Justice announced the disruption of a Russian government-sponsored operation aimed at influencing voters in the US and other countries and at undercutting support for Ukraine. The Justice Department seized 32 internet domains used in the campaign, referred to as “Doppelganger.”
As nation-state cyberactivity continues, Price stresses the importance of “… moving away from the antiquated mindset that state-sponsored attackers are only really interested in government or larger entities.”
If any enterprise is a potential victim, what should leadership teams be thinking about?
Collaboration is an important strategy for mitigating the risks associated with nation-state-sponsored attacks. McPherson stresses the necessity of partnership between the public and private sectors.
“If you don't have a relationship with the local FBI office you're already behind. If you haven't talked to CISA about mitigation, you're already behind,” he says.
While nation-state actors can be highly sophisticated and capable of breaching organizations with the strongest defenses, they can also be opportunistic. Enterprise leaders have a responsibility to maintain cybersecurity hygiene and protocols to mitigate the risk of exploitable vulnerabilities.
“Enterprise leaders ought to rethink critical security education and help train their staff to understand the importance of their role within their product and responsibility in defending the data they are managing,” Manraj argues.