A U.S. cybersecurity firm, Arctic Wolf, revealed on Tuesday that hackers linked to Russian intelligence had attacked an American engineering company this fall. Investigators believe the attack was spurred by the engineering firm’s connection to a U.S. municipality that maintained a sister city relationship with a community in Ukraine. The findings highlight the changing nature of Russia’s cyber war, illustrating Moscow’s readiness to strike a wider array of targets, including private companies and organizations that have supported Ukraine, even tangentially. This incident demonstrates how Russia’s conflict extends into the digital domain, targeting those perceived to be associated with Ukraine’s defense.
Arctic Wolf, which identified the Russian campaign, declined to name either its customer, the engineering company, or the associated city. The firm noted that the targeted company had no direct involvement in the conflict. However, the hacking group behind the operation, identified by researchers as RomCom, has a history of targeting entities with ties to Ukraine and its defense against Russia. Ismael Valenzuela, Arctic Wolf’s vice president of labs, threat research and intelligence, stated that RomCom “routinely go after organizations that support Ukrainian institutions directly, provide services to Ukrainian municipalities, and assist organizations tied to Ukrainian civil society, defense, or government functions.”
The attack on the engineering firm was detected and contained by Arctic Wolf in September, preventing any disruption to the company’s operations or any further spread of the malicious code. The sister-city program, which links communities worldwide for social and economic exchange, is used by several U.S. cities, including major ones like Chicago, Baltimore, and Cincinnati, which have such relationships with Ukrainian communities. A request for comment sent to officials at the Russian Embassy in Washington regarding the incident was not immediately answered.
This September operation followed a warning from the FBI issued just weeks prior, alerting that Russian-linked hackers were attempting to breach U.S. networks to gain access to critical infrastructure or important systems. The U.S. Cybersecurity and Infrastructure Security Agency’s recent bulletin outlines multiple motives for the Russia-aligned hackers: disrupting aid and military supplies to Ukraine, retaliating against businesses with ties to Ukraine, or acquiring technical or military secrets through theft. The wide range of targets and motivations underscores the strategic nature of Russia’s cyber efforts.
Further evidence of these concerted cyberattacks emerged last month when the Digital Security Lab of Ukraine and investigators at the U.S. cybersecurity firm SentinelOne exposed a large, rapid-fire cyberattack aimed at relief groups supporting Ukraine, such as UNICEF and the International Red Cross. The campaign used fraudulent emails designed to look as though they came from Ukrainian officials, tricking recipients into clicking malicious links and infecting their computers. While SentinelOne’s investigators did not formally attribute the attack to the Russian government, they noted that the operation focused on groups providing assistance to Ukraine, required six months of planning, and was executed by a “highly capable adversary… well-versed in both offensive tradecraft and defensive detection evasion.”