Why a hacking operation by a proto-state in Ukraine could spell trouble for US

A Ukrainian solder patrols in the village of Zolote 4, eastern Ukraine, on March 29, 2019.


By JOSEPH MARKS | The Washington Post | Published: April 17, 2019

WASHINGTON — The Luhansk People's Republic, a region that has claimed independence from Ukraine with the backing of Russia's military, isn't recognized by the United States, the European Union or NATO. But it has a hacking army and it's targeting the Ukrainian government and military, according to new research from the cybersecurity company FireEye.

This is probably the most extreme case to date of an ultra-small group targeting a national government with a sophisticated hacking operation, John Hultquist, FireEye's director of intelligence analysis who co-wrote the report, told me.

And it could usher in a new era of small nations or nonstate actors developing sophisticated hacking operations, he said. That could mean a big headache for the United States and other global powers, which will have to defend themselves against a new slate of digital adversaries.

"We're focused on the big players . . . and for good reason," Hultquist said. "But we should bear in mind that if this small substate can put together a [hacking] capability, then anyone can."

The major hacking powers the United States considers adversaries are Russia, China, Iran and North Korea - all of which have developed extensive capabilities and launched major, successful cyberattacks against U.S. targets in government and industry.

A small nation or nonstate group is highly unlikely to be able to pull off a major hack, such as Russia's breach of the Democratic National Committee or China's alleged theft of millions of background checks from the Office of Personnel Management, Hultquist said. But that doesn't mean they couldn't do serious damage.

Hacking is "an asymmetric capability," Hultquist said. "Those groups may not be sufficiently advanced to cause a major threat to the U.S. government, but they may be sufficiently advanced to cause a threat to U.S. interests, to U.S. companies or to U.S. allies."

Cybersecurity companies have identified hacking groups that might be linked to the militant Palestinian group Hamas that controls Gaza, for example. Those groups have launched malware campaigns at Israeli government targets and a rival Palestinian faction -- and they could easily turn their attention to the United States, Hultquist said. Or smaller nations, such as Cuba and Venezuela, could turn to hacking to retaliate against the United States over diplomatic disputes, he said.

"New state actors are going to be significantly drawn to this practice and other substate actors will develop capabilities," he said.

In the case of the Luhansk People's Republic, the operation included a mix of hacking tools the group developed and tools it bought off the shelf.

The operation might have launched as far back as 2014 when the region first broke off from Ukraine, FireEye found. The most recent set of emails loaded with malware that FireEye found included phony pitches for technology to clear landmines.

FireEye didn't find clear evidence the hackers successfully penetrated Ukrainian government or military networks but, given they kept at for so long, it's likely they were having at least some success, Hultquist said. The company also didn't find evidence the Luhansk group was assisted by Russia, he said.

Ukraine has been a testing ground for new hacking trends and techniques since 2014, which often eventually make their way outside the region, Hultquist said.

"It's created this consistent battle rhythm of activity that we'd never seen before," he said.That activity is mostly driven by Russian hacking groups that perfect their techniques in Ukraine before launching them elsewhere, he said.

from around the web