Russia is behind cyber attacks on Western utilities, says security firm | Yle news

“It’s a kind of escalation because we see more than just data collection, surveillance and intelligence gathering,” says Mikko Hyppönen.

Withsecure’s research director Mikko Hyppönen. Image: Jari Kovalainen / Yle

According to Finnish cybersecurity firm Withsecure, Russia has been using malware in cyber attacks on targets in Eastern European countries since at least mid-2022.

More specifically, the company has reported that a Russian military intelligence effort led to the breach of databases of an Estonian logistics company.

Finland’s eastern neighbor also appears to have tampered with data systems for water utilities in the US, France and Poland, according to Mandiant, a data security firm and subsidiary of Google.

So far, the cyber attacks do not appear to have caused any significant disruptions. For example, the attack in the US caused a water tank at a Texas factory to overflow until the system was brought under control, according to CNN.

But according to Withsecure’s research director Mikko Hyppönen, it is a serious matter if Russia carries out cyber attacks on the utilities of NATO countries.

“It’s a kind of escalation because we’re seeing more than just data collection, surveillance and intelligence gathering,” Hyppönen told Yle.

Hyppönen: Russia has attacked the Estonian company

In late 2022, malicious code called “Kapeka” helped hackers breach an Estonian logistics company’s database. A recent investigation by Withsecure shows who Hyppönen believes was behind the attack.

“Our investigation directly linked the Kapeka malware to Russia’s Sandworm group, the country’s military cyber intelligence unit,” he explained.

The Sandworm group is known for carrying out several devastating attacks in Ukraine, including temporarily shutting down the war-torn country’s power grid.

“The development and deployment of Kapeka likely follows the ongoing conflict between Russia and Ukraine, with Kapeka likely being used in targeted attacks on companies in Central and Eastern Europe since the illegal invasion of Ukraine in 2022,” said a letter from Withsecure about the issue.

According to Hyppönen, the malware delivered by Sandworm in Estonia caused disruptions in the logistics company’s systems, but he did not elaborate.

Meanwhile, Mandiant has reported that Russian military intelligence unit Sandworm was also likely behind recent cyber attacks in the US, Poland and France. The Russian connection is not entirely clear, however, as a Russia-based hacker group has claimed responsibility for the attacks – and published evidence supporting these claims.

‘It changes the situation’

Despite this, Mandiant has said there are some signs that the hacker group was actually controlled – or even founded – by Russian intelligence. Independent hackers and members of Russian intelligence are known to share information with each other.

According to Hyppönen, until recently it was thought that “patriotic” Russian hacker groups were not directly under state control and that they could operate as they pleased.

However, he said that if the hackers are directly connected to Russian military intelligence or other government units, “this changes the situation.”

According to Hyppönen, the nature of cyber attacks carried out by independent hackers is seen as advantageous by some governments – because the perpetrators of cyber attacks cannot be identified with any degree of certainty. By using this arrangement, countries that sponsor such activities do not have to worry about retaliation.

Finland well prepared

Hyppönen said Finland is better prepared in terms of cybersecurity than most other countries in Europe. The security expert said that according to the information available to him, Russia has not yet carried out any destructive attacks on Finland. However, Russia will not stand idly by, he added.

“I think it is likely that the Russian state is currently breaking into Finnish systems to spy and gather intelligence,” he said.

He said authorities should improve the use of cybersecurity experts for national defense efforts.

“It would be smart to have IT and network experts work together with cybersecurity experts,” he explained.