NSA sees ‘significant’ Russian intel gathering on European, U.S. supply chain entities
SAN FRANCISCO — Russian hackers are focused on using ransomware to attack supply chains both within Ukraine and in European countries being used to provide weapons and humanitarian aid in support of the Ukrainian war effort, a top National Security Agency official said Wednesday.
And as the war drags on, Russian hackers could be looking to attack logistics targets more broadly, including in the United States, said Rob Joyce, the NSA’s director of cybersecurity. The NSA is seeing “a significant amount of intelligence gathering into the Western countries, to include the U.S., in that logistics supply chain,” Joyce said during a briefing at the RSA Conference.
There are no indications yet that any U.S. companies have been attacked with ransomware in connection with logistics related to Ukraine, he added, noting that how the United States would respond to such a scenario would be “a policymaker question.” If Russia broadened its attacks beyond Ukraine and its near abroad, that would represent “a significant escalation in tactics and capabilities,” Joyce said.
Military and humanitarian supplies — especially lethal aid from the United States and European countries — have played a pivotal role in Ukraine’s relatively successful effort to fend off the Russian invasion. The U.S. has provided Ukraine with nearly $30 billion in support along with a range of military equipment, including tanks and ammunition. The conflict in Ukraine marks the first time in the history of the European Union that the bloc has supplied lethal aid to another country.
Undermining that external support could provide a boost to the Russian war effort. “I think they’re trying to figure out what is the way to disrupt the logistics internal to Ukraine, but especially all of the surge that the West has been able to bring forth, both lethal and the humanitarian goods flowing in,” Joyce said.
Joyce’s warning on ransomware attacks on supply chains comes six months after the first publicly known instance of such an attack. In October, the Russian military intelligence hacking unit known as “Sandworm” targeted transportation and logistics companies within Ukraine and Poland with ransomware, according to Microsoft researchers.
That attack relied on a previously unidentified ransomware variant dubbed “Prestige,” and some observers perceived the decision to deploy ransomware against supply chains in Poland, a NATO member, as an escalation in Russia’s willingness to use its cyber capabilities to prosecute the war beyond Ukrainian borders.