In-Depth: How Russian cyberweapons could strike U.S. targets during the Ukraine conflict

Several Ukrainian websites were offline as Russian troops advanced into the country.
Posted at 7:19 PM, Feb 24, 2022, and last updated 2022-02-25 18:43:35-05

SAN DIEGO (KGTV) – As Russia invades Ukraine, security experts warn that escalating cyberattacks could strike U.S. businesses and other targets, intentionally or otherwise.

Several Ukrainian government and financial websites were offline Thursday as Russian troops moved into the country. These sites appeared to be disabled by a denial-of-service attack, a well-worn hacking technique in which a website is overwhelmed by fake traffic.

However, one cybersecurity firm said it detected a new kind of malware, nicknamed “HermeticWiper,” on hundreds of Ukrainian computers. The virus can erase all of the data on a system and make a computer unusable, the firm said.

So far, Russia’s cyber offensive has been limited in scope, said Peter Cowhey, dean emeritus of the School of Global Policy and Strategy at UC San Diego. “They certainly have not used the full extent of their cyber capabilities.”

Cowhey said there are two broad scenarios where Russian cyber weapons could impact the U.S.: an intentional attack on U.S. targets or unintentional spillover.

In the second scenario, Russian hackers attacking Ukraine might infiltrate American companies in the process.

“Some of the companies and firms that should be on the lookout are any firms that are doing business with the Ukrainian government because the Russians are going to want every piece of information that they can get in order to get an advantage,” said University of San Diego adjunct professor Nikolas Behar.

The FBI and other federal agencies have issued warnings to American companies recently, urging them to shore up cyber defenses.

“If [the Russians] breach a Western company that’s doing business in Ukraine, that Ukrainian network of that company could be connected to their home, office, or their headquarters,” he said. “Once they breached the Ukrainian subsidiary, they can pivot or move laterally throughout the network.”

Russia might intentionally launch cyberweapons at U.S. targets in response to sanctions, Cowhey said. Those attacks could come from the Russian military or gangs of criminal hackers that cooperate with the Russian government.

“If the Biden administration really puts on the screws in the next set of sanctions, it’s possible the Russians might do the equivalent of a little espionage to make the American public nervous about a vigorous sanctions regime,” he said.

In that scenario, potential targets might include communications and mobile networks, oil and gas pipelines, water treatment facilities, the banking system, or the electrical grid. In 2015 and 2016, Russia attacked Ukraine’s electrical grid and temporarily disabled power.

But an attack on critical infrastructure in the U.S. would likely prompt a proportional response, Behar said.

Although San Diego is a military hub, Cowhey said the region is unlikely to be Russia’s top target. “The East Coast is a more attractive economic and political target than San Diego,” he said.

Editor's note: A previous version of this story incorrectly identified Peter Cowhey's title at UC San Diego. He is dean emeritus of the School of Global Policy and Strategy, not the acting dean.