
Reconnaissance Hacking, The New Russia/China Alliance, Ukraine, and What That Means for The World

With things moving quickly in real time regarding the ongoing Ukraine crisis, a new cyber offensive, thought to be initiated by Russia, is menacing Ukraine with DDoS attacks. But regardless of whether or not Russian forces actually attack Ukraine, the world should be concerned about the recently announced Russia-China alliance that is declaring a “new era” in geopolitics.
The new cooperative seeks to challenge the US as the world’s top superpower, and it involves the two most prolific hacking nation-states in the world. The fact is that both Russia and China have been engaging in the practice of reconnaissance hacking for upwards of a decade, and that gives both nations the ability to remotely attack American or international targets.
Although any Russian attack against Ukraine would certainly be met with force from NATO, the Kremlin, and potentially its newly reinforced ally China, could immediately initiate a widespread cyber offensive operation in retaliation. And if the allies of Russia and China, the cyber powers Iran and North Korea, join the fray, things could get very ugly very quickly.
Since about mid-January, the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Agency (CISA) have issued warnings of potential cyberattacks. Their fear is based on years of consistent cyberattacks coming from both Russian and Chinese intelligence agencies, with assistance from their respective state-sponsored hacking groups, known as Advanced Persistent Threats (APTs).
These state-sponsored groups have conducted reconnaissance cyber operations, not unlike the historic SolarWinds hack, and have acquired an immeasurable amount of intelligence as a result.
The Russian APT Group Nobelium was behind the SolarWinds attack.
They used an update to a widely used software as the attack vector to install Sunburst Malware in the systems of tens of thousands of entities in both the public and private sector. Among these entities were companies like cybersecurity firm FireEye, in addition to American governmental agencies like DHS and the Treasury Department. Scarier still, Nobelium also compromised entities in the energy and infrastructure sectors.
The SolarWinds attack used the same playbook employed by Russian hackers against Ukrainian targets in the Petya/NotPetya attacks of 2015-2016. Like with SolarWinds, those hacks also affected virtually every sector of the Ukrainian economy, and the hackers also used an update to a popularly used software program for entry.
The Chinese government also poses a dangerous threat to the west.
In 2018, Chinese hackers victimized a US Navy contractor working on behalf of the Naval Undersea Warfare Center in Newport, Rhode Island. This attack occurred three years after NBC published an NSA map, one that revealed “more than 600 corporate, private or government ‘Victims of Chinese Cyber Espionage’. Attacked over a five-year period, with clusters in America’s industrial centers.”
The NSA map also presented examples of Chinese hackers penetrating America’s critical infrastructure, and this has continued on many occasions recently. If both countries were to leverage their total combined intelligence, the effect on the US could be catastrophic, delivered from thousands of miles away.
North Korea and Iran are also formidable if they elect to involve themselves with the new Russia/China alliance. The FBI and CISA have already observed Iranian government-sponsored APT groups exploiting Fortinet vulnerabilities since March of 2021. Among the more prolific of these groups is APT35, also known as Charming Kitten, while North Korea’s most prolific APT is known as the Lazarus Group.
In conclusion, the next several days will be key in the Ukrainian crisis. But even if peace holds for now, the potential for great devastation still exists, as a result of the years of intelligence operations and reconnaissance hacking that have already been carried out.
