US Defense Secretary Pete Hegseth’s shock directive to US Cyber Command to pause offensive cyber-operations against Russia may have unforeseen consequences for organizations across the US. It would mean that the West could be blind-sided by a lack of actionable intelligence regarding Russia’s ongoing cyber-war against countries such as the US and the UK.
Russian groups are already upping cyber-attacks on the US. In December, Cyber Intelligence reported that two Russian groups, the People’s Cyber Army and Z-Pentest, claim to have taken attacks on critical infrastructure in the US to a new and more dangerous level. This was evidenced by Telegram videos detailing attacks on US energy and water facilities far beyond the previously supposed capabilities of such groups.
This followed a stark warning in October from software giant Microsoft that the Russian secret service is currently sending thousands of weaponized spear-phishing emails to key individuals in over 100 organizations in countries including the US and the UK. The group responsible is a Russian threat actor known as Midnight Blizzard, sometimes referred to as APT29 or Cozy Bear.
Organizations across all sectors are now vulnerable
The United States and United Kingdom governments believe that Midnight Blizzard is a front for the Foreign Intelligence Service of the Russian Federation, also known as the SVR. It is known to target primarily governments, diplomatic entities, non-governmental organizations (NGOs), and IT service providers, mostly in the US and Europe. Its focus is believed to be intelligence collection through long-running, dedicated espionage against foreign interests, with activity that can be traced back to early 2018. But companies whose activities fall outside the categories so far targeted by Midnight Blizzard are also under threat, as the Russian threat actor is reported to be using supply-chain attacks through all types of service providers and contractors to breach targeted organizations.
As there is no indication that the US cyber truce with Russia is at all reciprocal, this potentially leaves organizations across all sectors vulnerable to what is an ongoing series of campaigns aimed at weakening the West’s economies while gathering intelligence. This intelligence can then be used to orchestrate more damaging security breaches resulting in ransomware attacks and, of course, blackmailing of key executives and government employees.
According to Johnathan Lightfoot, President of cybersecurity company Symbiont, Hegseth’s unexpected initiative could embolden Russian ransomware groups.
The move should be seen in the context of President Trump’s ongoing dialogue with Vladimir Putin to negotiate a ceasefire in Ukraine. But the question now being asked is whether it might leave the West open to a new wave of ramped-up Russian cyber-attacks and cyber-espionage.