Russian hackers are among the best in the world, and the rise in tensions between the United States and Russia since the invasion of Ukraine has raised the prospect that Russian hackers could launch cyberattacks on US citizens and entities. Our company, INKY Technology, provides in-depth cloud-based anti-phishing protection against email attacks. Although we can’t read our customers’ emails, they report to us through our interface, and we are in a unique position to see a flow of reports big enough to analyze trends.
As Russian soldiers rolled across the borders in Ukraine and the US government began providing aid and support to the Ukrainian side, we expected an increase in phishing attacks from Russia. Most of the time—over 90% by some estimates—a major cyberattack is triggered by a successful phishing exploit. E-mail – as the lowest common denominator of communication on the Internet and designed to enable people who do not know each other to get in touch – is the weakest link. Well, people using email are the weakest link, so phishing attacks are designed to pose as a trusted entity to gain access to corporate networks. In fact, the staff let the bad guys in.
At first we didn’t notice any increase in traffic from Russian servers, just the usual run-of-the-mill “Russian bride” spam. Then an email campaign came to light that posed as Ukrainian President Volodymyr Zelenskyy and solicited cryptocurrency donations to help the Ukrainian cause. To bypass geographic filters, these emails were sent from US-based virtual private servers. Apart from slightly off capitalization, the simple text could easily have been written by a non-native speaker. Our analysis showed that the various cryptocurrency addresses were valid, and that the donation website had a .eu domain and a fancy homepage but was rather thin on the supporting pages. This lure came in through several different email vectors, and at the time of writing, no one had been tricked into sending cryptocurrency into the ether, never to be seen again.
Since then, we’ve seen a report or two of the alleged sale of “Support Ukraine” t-shirt pitches in a fake shop scam with a credential-gathering payload. We also spotted bad actors posing as Ukrainian victims to solicit donations or investment partnerships.
But in general, Russian hacking groups have so far held back from unleashing a large spate of cyberattacks led by phishing probes. That could change if the United States becomes more seriously involved in active warfare on the side of Ukraine. We know the Russians have the capability, but we don’t know why they’re showing reluctance.
During the Second World War, the German army treated the population in the west very differently than in the east. They firmly expected to exterminate the Slavs and other peoples in the East and take over their farmlands, factories and infrastructure. But some generals were hedging their bets in the West just in case they lost the war. By behaving comparatively reasonably towards the French, Belgians, Dutch and British, they left themselves a hiding place should they need it. As it turned out, they did, and were treated better themselves as a result.
It seems pretty clear that this is Putin’s war and that the Russian people are participating in it at least somewhat reluctantly, if they even know what’s going on. The general public in Russia may see the West as a potential haven and may not want to unnecessarily upset relations there. This could perhaps explain the reluctance so far to engage in cyber attacks. On the other hand, the Russian attackers may simply be waiting for Putin’s orders. We will see.
It is now in everyone’s interest here in the United States to secure their installations against such attacks. Such a defense will come in handy even if the attacking stream never rises above the usual commercial forays that are always in season.