By Andrew Osborn and Gabrielle T’trault-Farber
MOSCOW (Reuters) – U.S. Secretary of State Mike Pompeo said on Friday that Russia was responsible for a cyber attack that embedded malicious code inside U.S. government software systems and those of other governments and companies across the world.
The Kremlin has always denied Moscow’s involvement in cyber attacks against the West. It has said that Russia had nothing to do with this latest assault.
Here is some information about Russia’s possible motives for such an attack, and details about Russian cyber offensive and information warfare capabilities.
POSSIBLE RUSSIAN MOTIVE
The Kremlin has said many times it wants to improve ties with the United States, which are at a post-Cold War low and strained by issues from Ukraine to Syria.
But it also openly views the United States as Russia’s main geopolitical adversary and as a threat to its national security.
President Vladimir Putin has accused Washington of starting a new arms race and NATO of moving military infrastructure closer to Russia’s borders, and has complained about U.S. sanctions, part of what Putin casts as an attempt to hold Russia back economically and technologically.
Russia regularly probes U.S. defences, flying nuclear-capable strategic bombers near Alaska and sending submarines into the Atlantic to lurk off the East Coast.
Putin has complained that outgoing President Donald Trump was unable to improve U.S-Russia ties and has singled out what he has called President-elect Joe Biden’s harsh anti-Russian rhetoric.
On Thursday, Putin blamed U.S. intelligence agencies for a series of recent media investigations into people close to him. Without providing evidence, he also linked U.S. intelligence agencies to what he presented as the stage-managed poisoning of Kremlin critic Alexei Navalny.
Putin did not congratulate Biden on his victory in the Nov. 3 election until Dec. 15. Putin said last month he was not worried that his delay in congratulating Biden would worsen U.S.-Russia ties.
“You can’t spoil a spoiled relationship,” said Putin.
‘COZY BEAR’
Some cyber researchers have suggested that Russia’s SVR foreign intelligence service may have been behind the latest attack.
In 2018, Dutch media cited unnamed intelligence officials as saying the AIVD, the Dutch intelligence agency, had linked a Russian hacking group known as “Cozy Bear” or APT29 (advanced persistent threat 29) to the SVR. The AIVD did not comment.
The Washington Post cited sources on Dec. 13 as saying the United States had identified “Cozy Bear” as being responsible for the latest cyber attack referred to by Pompeo.
Hackers from “Cozy Bear” were detected by cyber security firm CrowdStrike on the U.S. Democratic Party’s servers in the run-up to the 2016 U.S. presidential election when email accounts of Hillary Clinton’s staff were hacked.
In July, Britain, the United States and Canada accused “Cozy Bear” of trying to steal COVID-19 vaccine research from academic and pharmaceutical institutions around the world.
‘FANCY BEAR’
Russian military intelligence, commonly known as GRU, has potent cyber offence capabilities, according to U.S. intelligence agencies.
In particular, GRU controls a hacking group known to cyber researchers as “Fancy Bear” or APT28 (advanced persistent threat 28) they have said.
It was that group, according to a Department of Justice indictment filed in 2018, that hacked the email accounts of Hillary Clinton’s staff before the 2016 election.
Reuters reported in September that Microsoft believed “Fancy Bear” had also targeted a firm working with Biden.
In 2016, the World Anti-Doping Agency accused Russian hackers of stealing confidential medical information about U.S. Olympic athletes and publishing it online. The FBI later seized the domain of the site – https://www.fancybear.net – where the information was released.
“Fancy Bear” hackers have also been linked by cyber security investigators to cyber attacks on the U.S. and French elections.
THE FSB
Russia’s Federal Security Service, the FSB, is the country’s main domestic intelligence agency.
The United States in 2017 charged two FSB agents and two hackers with masterminding the 2014 theft of 500 million Yahoo accounts.
The Justice Department indictment included charges of computer fraud, economic espionage, theft of trade secrets, wire fraud, access device fraud and aggravated identify theft.
It painted a picture of the Russian security services working hand-in-hand with cyber criminals, who helped spies further their intelligence goals in exchange for money.
INTERNET RESEARCH AGENCY
U.S. prosecutors say the St. Petersburg-based Internet Research Agency (IRA) played a key role in Russian efforts to try to sway the 2016 election in favour of Trump.
It did so, they say, by flooding social media with false reports and conspiracy theories in an attempt to exploit existing divisions.
The group is a Kremlin-backed outfit whose employees have posed as Americans, according to U.S. officials.
The U.S. Treasury Department in September imposed sanctions on individuals and entities linked to the financier of the IRA, who was charged in 2018, along with 12 other individuals and three entities, with conspiracy to defraud the United States for his alleged role in election meddling.
(Reporting by Andrew Osborn and Gabrielle T’trault-Farber; Editing by Frances Kerry)