"Russian Hackers Target US Firm Linked to Ukraine"

26.11.2025

Hackers associated with Russian intelligence recently targeted an American engineering company, as revealed by U.S. cybersecurity firm Arctic Wolf. The attack occurred in the fall and appeared to be connected to the company's prior work with a U.S. municipality that has a sister city relationship with a community in Ukraine.

This incident illustrates the evolving strategies employed by Russia in its cyber warfare, showcasing an increasing willingness to attack various entities that support Ukraine, even in indirect ways. According to Arctic Wolf, the engineering firm had no direct involvement with Russia's invasion of Ukraine, but it was still a target due to its associations with Ukrainian interests.

Ismael Valenzuela, Arctic Wolf's vice president of labs, threat research, and intelligence, explained that the group responsible for the attack, identified as RomCom, routinely targets organizations with connections to Ukrainian civil society, government functions, or support systems. Valenzuela noted, "They routinely go after organizations that support Ukrainian institutions directly, provide services to Ukrainian municipalities, and assist organizations tied to Ukrainian civil society, defense, or government functions."

Arctic Wolf detected the attack in September, enabling them to thwart further disruption to the engineering firm's operations. However, they chose not to disclose the identity of the targeted company or the specific city involved to protect sensitive information regarding cybersecurity measures.

The Russian Embassy in Washington did not immediately respond to requests for comment about the incident. The situation highlights the risks faced by organizations engaged in sister-city relationships, a program that promotes social and economic exchanges between communities worldwide.

Many U.S. towns and cities, including Chicago, Baltimore, Albany, and Cincinnati, maintain sister-city affiliations with Ukrainian municipalities. The timing of the cyberattack coincided with a warning from the FBI indicating that Russian-linked hackers were attempting to infiltrate U.S. networks, aiming to disrupt critical infrastructure or important systems. According to the U.S. Cybersecurity and Infrastructure Security Agency, the objectives of these hackers include hindering aid and military supplies to Ukraine, punishing businesses with connections to Ukraine, or stealing sensitive military and technical information.

In a related development, last month, Ukraine's Digital Security Lab, alongside investigators from SentinelOne, uncovered a coordinated hacking campaign targeting relief organizations supporting Ukraine, such as the International Red Cross and UNICEF. This campaign utilized deceptive emails impersonating Ukrainian officials, designed to trick users into unwittingly infecting their computers with malware by clicking on malicious links.

While SentinelOne refrained from directly attributing this attack to the Russian government, they suggested that the operation specifically focused on groups assisting Ukraine and required extensive planning—approximately six months. The investigators characterized the responsible adversary as "highly capable" and adept at both offensive tactics and defensive evasion strategies in the cyber realm.

The ongoing cyber conflict highlights the increasing stakes in the digital domain, especially as organizations worldwide align themselves with Ukraine in various capacities. The implications for cybersecurity and the protection of critical systems are significant, warranting vigilance and preparedness against persistent cyber threats.
