Countries worldwide have denounced Russia’s increase in cyberattacks, calling its actions “intolerable” and the cause of tensions and mistrust, Spanish newspaper La Razón reported. These actions affect individuals, governmental and private companies alike, and electoral processes in several nations.
“Russia and China are recognized as advanced cyberthreats worldwide,” Nacho García Egea, head of cybersecurity at BeDisruptive, a Spanish technology company, told Spanish media outlet El Independiente on March 16. “Both countries have large armies of highly trained hackers.”
So far in 2024, Moscow has kept up its cyber aggression against Ukraine and countries that support the Kiev government, generating concerns in neighboring countries that the Russian threat will spread, The Independent reported.
“Cyber hacker groups associated with Russian intelligence services are characterized by their strong organization and funding,” Esteban Jiménez, chief technology officer of Costa Rican cybersecurity firm Atticyber, told Diálogo on March 23. “This makes them highly impactful in their threats for the operations of organizations that investigate.”
Microsoft
“They take advantage of the changes and transformations occurring within organizations worldwide to carry out their operations, legally questionable covert [operations] in cyberspace,” Jiménez said. “One example is U.S. technology company Microsoft.”
On March 8, Microsoft announced that the Russian state-backed hacker group Midnight Blizzard, also known as Nobelium, had been attempting to access its internal systems and source code databases. The company first detected these intrusion attempts in January.
In February, Midnight Blizzard escalated certain aspects of its attacks to as much as 10 times the volume detected in January, Microsoft said. This ongoing attack is characterized by consistent intensity, resources, coordination, and focus on the part of the perpetrators.
Microsoft suggested that Russian hackers may be using the information obtained to identify vulnerable areas and improve their attack capabilities. This fact highlights the unprecedented global threat landscape, particularly of sophisticated attacks perpetrated against multiple states.
“Microsoft dominates the operating system market in Latin America, with more than 87 percent share, making it a strategic target for these cyberattack groups,” Jiménez said. “These are attacks aimed at Google and Amazon, leaders in cloud services.”
“Midnight Blizzard is using the Microsoft banner to recruit more collaborators, to prepare attacks on specific infrastructures,” Jiménez said. “In South America, affiliates of Russian hacking groups are growing very fast, mainly in Argentina.”
Russian cyberattacks
In recent years, Russia became the center of attention due to its involvement in several hacker-related incidents. In January, a group of Russian hackers unleashed a ransomware attack against government service providers in Sweden, La Razón reported.
That same month, another incident occurred against the Australian government. This time, Russian hackers compromised government files stored in a law firm. In December 2023, Russian hackers attacked the largest telephone provider in Ukraine.
In 2022, Costa Rica was hit by a ransomware attack that paralyzed customs and tax collections as well as other government institutions. Russian group Conti claimed responsibility and held the data for a $20 million ransom, Forbes Mexico reported. In 2020, the Russian intelligence service conducted a massive cyberattack using a routine software update from the company SolarWinds, compromising some 100 companies, including some U.S. government agencies, La Razón reported.
Cyber disaster
There is a “growing interest by cyber actors in identifying critical infrastructure at the continental level, essential for the functioning of regions, such as the Panama Canal in the Americas, which stresses the need to protect these assets against potential threats,” Jiménez said.
Russia considers cyber warfare an integral part of its strategy to subdue and destabilize states, employing false identities to confuse and evade attribution in its operations, U.S. think tank the Henry Jackson Society (HJS) said in a report.
Jake Moore, global cybersecurity advisor at the Slovakian software company ESET, warned British news site inews on March 18 about the ways “a cyber disaster” could happen, highlighting the risk of “a simultaneous targeted attack against key institutions such as banks, hospitals, and governments.”
Cyberattacks could paralyze a country, potentially targeting electrical grids, banking systems, communications networks, and health care services, while affecting everything from gas prices to flights, ABC News reported.
The HJS report foresees an increase in the use of hacking groups by Russian intelligence services to carry out intelligence and subversion activities against Western countries, including industrial espionage, adding further concern to the global cybersecurity landscape.
According to Jiménez, “Russian, Chinese, Iranian, and North Korean cybercriminals collaborate to destabilize states, adopting a model akin to organized crime. Typically, one of these groups assumes leadership and fosters high-profile relationships, to recruit smaller groups and carry out attacks more efficiently.”
There is a need for authorities throughout the hemisphere to strengthen their investigative techniques to identify and capture the perpetrators and members of these groups, Jiménez said. “The increasing magnitude of attacks in the Americas raises concerns about this threat,” he concluded.