Withsecure’s research director Mikko Hyppönen says that the company has proven that Russian military intelligence carried out an attack on an Estonian logistics company.
Russian military intelligence has carried out a cyberattack on an Estonian logistics company, says the Finnish information security company Withsecure.
Russia also appears to have tampered with the systems of water utilities in the United States, France and Poland, says Mandiant, a security company owned by Google.
So far, the cyberattacks do not appear to have caused significant disruption. For example, in the United States, the impact was that one water tank overflowed until the system was brought back under control, according to the news channel CNN.
It is still a serious matter if Russia has started to carry out cyber attacks on vital functions such as water supply in NATO countries.
– It’s a sort of escalation, that we see more than just data collection, spying and intelligence, assesses Withsecure’s research director Mikko Hyppönen.
Hyppönen: Russia attacked Estonia
At the end of 2022, a malicious program called Kapeka penetrated the systems of an Estonian logistics company. A recent study by Withsecure provides additional information about the perpetrator of the attack.
– Our research connects the Kapeka malware directly to the Sandworm unit, which is the cyber unit of the Russian military intelligence, says Hyppönen.
The cyber unit has carried out several serious destructive attacks in Ukraine, for example by knocking out the country’s electricity grid.
According to Hyppönen, the malware of the Sandworm cyber unit in Estonia caused disruptions to the logistics company’s systems. He does not elaborate on the matter.
Russia is suspected of attacks on water facilities
According to the Mandiant company, the same Sandworm unit of the Russian military intelligence is probably also behind the cyber attacks that have taken place in the United States, Poland and France in recent months.
In the attacks, the attacker tampered with the water utilities’ information systems.
In these cases, the connection to the Russian state is not entirely indisputable. A Russian hacker group called Cyber Army of Russia has claimed responsibility for the attacks and has also published evidence of them.
However, according to the Mandiant company, there are several signs that the hacker group is actually under the control of, or even founded by, Russian intelligence. The hacker group and Russian intelligence share information with each other.
According to Hyppönen, until now it has been thought that Russian “patriotic” hacker groups are not under the direct control of the state. Rather, Russia has allowed them to operate freely.
– If they have direct links to military intelligence or other government units, it changes the situation, Hyppönen says.
According to Hyppönen, the advantage of cyber attacks has traditionally been precisely that the perpetrator cannot be named with certainty. In this way, states have not had to worry about the kind of countermeasures that, for example, traditional military operations would provoke.
Finland is well prepared
According to Hyppönen’s information, Russia has so far not carried out destructive attacks on Finland. Still, Russia is not idle.
– I think it is likely that the Russian state is also currently breaking into Finnish systems in order to spy and conduct intelligence.
According to Hyppönen, Finland is better prepared for cyber security than most other European countries. Finland has a lot of expertise in the field and cyber security has been strengthened for a long time.
In Hyppönen’s opinion, there is still room for improvement. For example, he thinks experts in the cyber field should be better utilized in national defense.
– It would be smart if experts in information networks and information security were also in the reserve doing the same things as at work.