On Thursday, the U.S. stepped up sanctions on Russian intelligence for its attempt to interfere in the U.S. 2016 elections, and accused Russia of coordinating a far-reaching cyber-assault on its energy, nuclear, water and “critical manufacturing” sector. U.S. officials said that malware and signs of other types of cyber-attack had been identified in the operating systems of various companies and organisations that had been traced back to Russia.
The FBI and the Department of Homeland Security (DHS) issued a joint alert, pressing other companies in the energy and infrastructure industries “to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity”. The alert said the concerted cyber-attacks had started in March 2016 and the multi-stage campaign was led by “Russian government cyber actors” who specifically targeted the networks of small commercial facilities in order to gain remote access into wider energy sector networks. After gaining access, network reconnaissance was conducted in order to gather further information related to the U.S.’ Industrial Control Systems (ICS).
Initial targets were more peripheral, such as third-party suppliers with less secure networks, that would help act as a pivot point towards their final intended victims. “NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks”, the alert reads.
The threat actors used a range of different cyberattack techniques, including:
- spear-phishing emails (from compromised legitimate accounts);
- watering-hole domains;
- credential gathering;
- open-source and network reconnaissance;
- host-based exploitation; and
- targeting industrial control system (ICS) infrastructure.
At the same time, the U.S. treasury announced new sanctions against Russian individuals and entities connected to their interference in the 2016 elections. Officials said that thousands of Russian-planted stories had reached “millions of people online” during the U.S. presidential campaign.
The latest sanctions represent the strongest set of U.S. punitive measures against Russia since the start of Trump’s time in office, however, many of the targets are the same as those Robert Mueller identified in an indictment. Democrats quickly spoke out against them saying they did not go far enough.
“The sanctions today are a grievous disappointment, and fall far short of what is needed to respond to that attack on our democracy, let alone deter Russia’s escalating aggression, which now includes a chemical weapons attack on the soil of our closest ally,” Adam Schiff, the top Democrat on the House intelligence committee, said in a statement.
On Friday, Russia threatened to expand its own “blacklist” of Americans in response to the U.S. sanctions against it. Russian Deputy Foreign Minister Sergei Ryabkov said it will use “the principle of parity” as it responds.
The sanctions came as the U.S. joined European allies in denouncing Russia for a nerve agent attack on British soil against a former Russian spy and his daughter. Britain announced its own set of sanctions against Russia over the attack on Wednesday, including the expulsion of 23 Russian diplomats from the U.K.