WASHINGTON — Hackers working for Russian intelligence targeted a U.S. engineering company this fall, investigators with a U.S. cybersecurity firm said Tuesday — apparently because the firm worked for a U.S. municipality with a sister city in Ukraine.
The results reflect the evolving tools and tactics of Russian cyber warfare and demonstrate Moscow's willingness to attack a growing list of targets, including governments, organizations and private companies that have supported Ukraine, even to a small extent.
Arctic Wolf, the US cybersecurity firm that uncovered the Russian campaign, did not name its client or the city it was working with to protect its security, but said the company was not directly involved in Russia's invasion of Ukraine. However, the group behind the attack, known to cybersecurity experts as RomCom, has consistently targeted groups associated with Ukraine and its protection from Russia.
“They regularly target organizations that directly support Ukrainian institutions, provide services to Ukrainian municipalities, and assist organizations associated with Ukrainian civil society, defense or government functions,” said Ismael Valenzuela, Arctic Wolf’s vice president of laboratories, threat research and intelligence.
The attack on the engineering company was discovered by Arctic Wolf in September before it could disrupt the engineering company's operations or spread further.
A message left with Russian embassy officials in Washington seeking comment was not immediately returned.
Many cities around the world maintain sister city relationships with other communities using the program for social and economic exchange. Several US cities, including Chicago, Baltimore, Albany, New York and Cincinnati, have sister city relationships with Ukrainian communities.
The September campaign comes just weeks after the FBI warned that hackers linked to Russia were seeking to infiltrate U.S. networks to infiltrate sensitive systems or destroy critical infrastructure. According to the latest newsletter from the US Cybersecurity and Infrastructure Security Agency, hackers linked to Russia have several motives: disrupting aid and military supplies to Ukraine, punishing businesses with ties to Ukraine, or stealing military or technical secrets.
Last month, the Ukraine Digital Security Lab and investigators at SentinelOne, a US cybersecurity firm, uncovered a rapid and widespread cyberattack on aid groups supporting Ukraine, including the International Red Cross and UNICEF. This hacking campaign used fake emails, posing as Ukrainian officials, that attempted to trick users into infecting their computers by clicking on malicious links.
SentinelOne investigators did not attribute the attack to the Russian government, but noted that the operation targeted groups working on Ukrainian aid and took six months to plan. The “highly capable adversary” behind this campaign, investigators established, is “an operator well versed in both offensive operations and defensive evasion of detection.”





