Join today’s leading executives online at the Data Summit on March 9th. Register here.
As substantial as the cyberattack capabilities of Russia’s affiliated hacker groups might be, the worldwide cyber effort to oppose Vladimir Putin’s unprovoked aggression against Ukraine will likely prove to be greater, a former U.S. Cyber Command official told VentureBeat.
Anonymous is the most visible group to pledge a cyber offensive against Russia on behalf of Ukraine, but some of the most sophisticated hacker groups are known to avoid attention as much as possible. Research published earlier this week by a Chinese security firm indicates that a U.S.-affiliated organization, referred to as the Equation Group, is in fact “the world’s leading cyber-attack group” — whose attack capability, paired with zero-day vulnerabilities, is essentially “unstoppable.”
The cyber battlefield
Meanwhile, in Ukraine itself, a Bloomberg report today said that a hacker group that is now forming to bring counterattacks against Russia has amassed 500 members. And beyond Ukraine, “there are probably 100X that number of hacktivists around the world working against Russia because they are the aggressor,” said Christian Sorensen, former operational planning team lead for the U.S. Cyber Command, in an email to VentureBeat.
Thus, while Russian ransomware gang Conti, the Belarus-based group known as UNC1151 and several other hacker groups may have pledged to assist Russia with its aggression against Ukraine, the cyber forces on Ukraine’s side will likely turn out to have the upper hand, Sorensen said. (And there’s reason to suspect that even some of Conti’s own affiliates aren’t actually willing to support the Russian government in this situation.)
Looking ahead, “I think things will ramp up against western targets,” Sorensen said. “But Russia and Belarus will be targeted by these groups even more.”
It’s hard to predict exactly how things might develop, given that this is uncharted territory, however.
“It will be unprecedented,” said Marcus Fowler, senior vice president for strategic engagements and threats at Darktrace. “We have not seen a conflict on this scale with such sophisticated offensive cyber capabilities on both sides.”
This week, prior to Russia’s invasion of Ukraine, Chinese cybersecurity firm Pangu Lab posted research on the hacker group known as Equation Group — a name given to the group by Russian cybersecurity firm Kaspersky Lab in 2015.
The research concerns a backdoor, known as Bvp47, and Pangu contends that its findings suggest that a previous claim about the group — that it is affiliated with the NSA — is correct. (The NSA has never commented on the claim.)
Though the backdoor is nearly a decade old, initially discovered in 2013, the Pangu said it is “top-tier” — and evidence that the Equation Group is the “leading” cyberattack group.
“Its network attack capability equipped by 0day vulnerabilities was unstoppable, and its data acquisition under covert control was with little effort,” Pangu Labs wrote in the research. “The Equation Group is in a dominant position in national-level cyberspace confrontation.”
All of which is consistent with Kaspersky’s assessment of the Equation Group in 2015, when the company’s research team wrote that the Equation Group “surpasses anything known in terms of complexity and sophistication of techniques” — and a Kaspersky researcher told Ars Technica that the group is “second to none” in terms of skills and abilities.
Sorensen, who is now founder and CEO of cybersecurity firm SightGain, said the Pangu research on Equation Group is a “very interesting report, with extraordinary timing” in terms of its publication in the midst of the events this week.
And notably, in the report, “the research pointed out a common thread from 10 years ago that also existed in Equation Group report,” Sorensen said. “If that technical detail is still being used, it could slow down or impact operations of people using those tools. Further, it suggests that commonality between toolsets will be a tipoff for initial attribution — and then sometimes watched, and not reported, for 10 or more years.”
All in all, with the events of recent days, “we are seeing very clear signs of escalated cyber tensions,” said Stan Golubchik, founder and CEO of cybersecurity firm ContraForce. “We are seeing cyber fully emerge as the fifth domain of war.”
Making an impact
Ultimately, while it’s not clear how much can be accomplished by anti-Russian cyber forces, there is now the potential for people all around the world to actively participate in trying to thwart a military offensive, Sorensen said.
“This is the new nature of cyberwar,” he said.
“Whether sanctioned or not, official or not, if people have or can get the right information, know-how, and desire — they can make an impact,” Sorensen said. “We’ll have to wait and see what they are able to do.”
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More