Russian hackers are accused of breaching a Republican National Committee contractor last week, around the same time that Russian cybercriminals carried out the largest global ransomware attack on record, incidents that are testing the red lines drawn by President Biden during his high-stakes summit with President Vladimir V. Putin of Russia last month.
The RNC said in a statement Tuesday that one of its technology providers, Synnex, had been hacked. While the extent of the attempted breach remained unclear, the committee said none of its data had been accessed.
Early indications were that the perpetrator was the Russian intelligence service SVR, according to investigators in the case. The SVR is the group that first hacked the Democratic National Committee six years ago and more recently carried out the SolarWinds attack, which penetrated more than half a dozen government agencies and many of the largest US corporations.
The RNC attack was the second of apparent Russian origin to become public in the past few days, and it was unclear as of late Tuesday whether the two were related. On Sunday, a Russia-based cybercriminal organization called REvil claimed responsibility for a cyberattack over the long holiday weekend that spread to between 800 and 1,500 companies around the world. It was one of the largest attacks in history in which hackers shut down systems until a ransom is paid, security researchers said.
The twin attacks are a test for Mr Biden just three weeks after he demanded, in his first meeting as President with Mr Putin, that the Russian leader curb ransomware activity against the US. At the meeting, Mr Biden later said, he presented Mr Putin with a list of 16 critical sectors of the American economy that, if attacked, would provoke a response – although he was reluctant to say what that response would be.
“If they actually violate these basic norms, we will respond with cyber,” said Mr Biden at a press conference immediately after the meeting. “He knows.” But he was quick to add of Mr Putin that “I think the last thing he wants now is a cold war.”
White House officials were preparing to meet on Wednesday to discuss the latest ransomware attack, which used the innovative technique of breaking into the supply chain of software used by governments, federal agencies and other organizations – a tactic the SVR used in the SolarWinds attack last year.
The White House did not immediately respond to a request for comment on the breach of Synnex, the RNC contractor.
The latest attacks appeared to cross many lines that Mr Biden said he would no longer tolerate. During last year’s election campaign, he made Russia “aware” that, as President, he would act aggressively against any interference in American elections. He then called Mr Putin in April to warn him of impending economic sanctions in response to the SolarWinds breach.
Last month, Mr Biden used the summit meeting with Mr Putin to argue that ransomware is emerging as an even bigger threat, causing the kind of economic disruption that no state could tolerate. Mr Biden specifically mentioned the halt in the flow of gasoline on the East Coast after an attack on the Colonial Pipeline in June, as well as the closure of a major meat processing plant and previous ransomware attacks that paralyzed hospitals.
The issue has become so urgent that it has begun shifting negotiations between Washington and Moscow, bringing the control of digital weapons to a level of urgency previously seen primarily in nuclear arms control negotiations. On Tuesday, White House press secretary Jen Psaki said American officials will meet with Russian officials next week to discuss ransomware attacks – a dialogue the two leaders agreed to at their Geneva summit.
On Saturday, when the attacks were underway, Putin gave a speech introducing Russia’s latest national security strategy, which outlines measures to respond to foreign influence. The document claimed that Russian “traditional spiritual, moral and cultural-historical values are actively attacked by the US and its allies”.
While the strategy reaffirmed Moscow’s commitment to diplomatic conflict resolution, it stressed that Russia “considers it legitimate to take symmetrical and asymmetrical measures” to prevent “unfriendly actions” by foreign states.
The remarks, cybersecurity experts said, were Putin’s response to the summit with Mr Biden.
“Biden did a good job setting a marker, but if you’re a thug the first thing you test for is that red line,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. “And we see that here.”
Mr. Lewis added that “low penalties” like sanctions had been exhausted. “The White House will have to take more aggressive action, be it in cyberspace or a more painful legal or financial maneuver,” he said.
Stricter measures have long been discussed and occasionally applied. When Russian intelligence agencies smuggled malicious code into the American power grid in recent years – where it is suspected to remain to this day – the United States, for its part, put code into the Russian grid and made sure it was seen, as a deterrent. Before the 2020 elections, the US Cyber Command shut down the servers of a major Russian cybercrime operation to prevent the voting infrastructure from being blocked.
But tougher measures have usually sparked debate over whether the United States risked escalation. Participants in those discussions said that they usually led to decisions to stay on the safe side because much of America’s infrastructure is poorly defended and vulnerable to counterattack.
Without question, the pace of the daily near-war cyber conflict with Russia is accelerating. This has led the Biden administration to look for new diplomatic options. The State Department is in talks with representatives from around 20 foreign governments to develop a range of consequences for foreign cyberattacks, which would include sanctions, diplomatic expulsions and more aggressive counterattacks, including cyberattacks.
The likely SVR breach of Synnex left it unclear whether the RNC was the target or whether it was accidental collateral damage in a wider hack that may not have been aimed at the Republicans.
In a statement, Synnex said the attempted breach of its systems “could possibly be related to the recent cybersecurity attacks”.
“Was that an untargeted shotgun shot or was it a careful, aimed rifle shot at a foreign intelligence target?” said Bobby Chesney, director of the Robert S. Strauss Center for International Security and Law at the University of Texas at Austin.
If it was the former, he said, it could cross the line the White House set when it punished Russia for the breach of SolarWinds and its customers. If it was the latter, it could be viewed as the type of information gathering that all major states engage in – and therefore probably not something the United States would be likely to want to punish.
When the Democratic National Committee was hit, first by the SVR in 2015 and then by the Russian military intelligence agency GRU in 2016, evidence uncovered by the FBI showed that servers used by the RNC, including contractors, were under attack. (There was no evidence that the servers contained sensitive data or that the data was stolen.)
The White House could face a more complex problem when it comes to how to deal with the ransomware attacks that took place over the weekend of July 4th.
The attack, which began with a breach of Kaseya, a software maker in Florida, showed a level of sophistication unusual for ransomware groups, security experts said. REvil appeared to break into Kaseya using a “zero day” – an unknown flaw in the technology – according to the researchers, and then used the company’s access to its customers’ computer systems to carry out ransomware attacks on those customers.
Researchers in the Netherlands had pointed out the flaw in its technology to Kaseya, and the company was working on a fix when REvil beat it to the punch, researchers said. It’s unclear if the timing was a fluke or if the cybercriminals were made aware of the bug and quickly worked to exploit it.
In the past, REvil relied on more basic hacking methods – like phishing emails and unpatched systems – to break in, researchers said. The group has demanded $70 million in Bitcoin to release a tool that would allow all infected companies to recover, a sum it had lowered to $50 million by Tuesday.
White House spokeswoman Ms. Psaki warned companies Tuesday against paying, as it would encourage the criminals to continue. “The FBI has basically told companies not to pay ransom,” she said.
Annie Karni contributed reporting.