SolarWinds says as many as 18,000 customers could have downloaded the software containing the back door that hackers had built into it.

MOSCOW—In September, Russian President Vladimir Putin proposed a reset of U.S.-Russia relations in information security, calling for a truce to prevent incidents in cyberspace.

Now, U.S. officials have accused Moscow of carrying out one of the worst ever hacks of federal computer systems, penetrating the heart of the American government and ensnaring thousands of private companies.

While the hack so far appears to fall short of a destructive cyberattack, the use of stealthy tradecraft and a never-before-seen digital tool kit serves as a potent reminder of Russia’s cyber capabilities and its willingness to use them at scale, analysts say. The range of targets—from the departments of Commerce, State and Homeland Security to the National Institutes of Health—could provide Russian leaders with indispensable intelligence and secrets that can be used at a later stage.

Ultimately, the hack signals to the West that years of international sanctions haven’t hampered Russia’s global ambitions or deterred its security apparatus from conducting broad-based operations with impunity, analysts say.

“It’s always good to sneak into these systems and collect some intelligence that you can use in the future. It’s classic industrial and political espionage,” said Andrei Soldatov, an expert and author on Russia’s spy agencies.

“On a political level, this could be very important too,” he said. “Such operations send a message that Russia has its strong intelligence agencies and they can’t be slowed down by the Americans.”

Mark Galeotti, an expert on Russia’s intelligence services and senior associate fellow at the British think tank Royal United Services Institute, said that the hack shows that Russia will continue its cyber operations unabated.

“If you think the Americans are out to get you, like many in Russia do, you have no reason not to do your worst,” he said.

The Kremlin has denied involvement in the hacks. Mr. Putin’s spokesman, Dmitry Peskov, on Monday called the allegations “continuation of blind Russophobia.” Russian officials said this week that the country isn’t conducting “offensive” operations in cyberspace. In his September statement, Mr. Putin proposed reaching an agreement “on no-first-strike with the use of [digital technologies] against each other.”

U.S. intelligence leaders frequently acknowledge the extreme level of cyber skills Russian hackers possess, but always say they aren’t as good as what the U.S. spies can manage. A former senior U.S. intelligence official said the hack should prompt a period of serious reflection about whether Russia’s hackers are superior, because a frank admission that the U.S. has fallen behind a chief adversary could prompt a necessary recommitment to improving cyber capabilities and defenses.

“People in the Pentagon don’t like to think of the Russians as superior to us in anything,” the former official said. “We are playing a game against adversaries who are our equals, maybe our superiors, in the cyber domain.”

U.S. and Russian experts say that since the hack doesn’t appear to have altered or damaged data and no computer systems or other infrastructure appear to have been damaged so far, it was a classic act of cyber espionage and a modern example of great power competition.

“Cyber espionage is a legitimate state activity,” said Vladimir Frolov, former senior Russian diplomat and Moscow-based political analyst. “Every self-respecting state does that. Given a similar opportunity to collect information on Russian targets, the NSA or the CIA would not hesitate for a second.”

But the sheer magnitude of the Russian heist changes the dynamics of the act and should be factored into Washington’s potential response options, some U.S. intelligence officials and security experts have said.

“In no way, shape or form have they exercised any discretion that they’ve met the standard of necessity or proportionality,” said Chris Inglis, the former deputy director of the NSA, during a panel discussion Thursday about the hack. “It is brazen, it is impactful, it is indiscriminate.”

Russian cyber operations have evolved since 2016 when U.S. intelligence found that Russia interfered in the presidential election, which Moscow denies.

Four years ago, hackers primarily relied on spearphishing—an attack that involves posing as another person to trick an email recipient into clicking on a malicious link—to steal login credentials. They have recently deployed more reconnaissance tactics, such as password sprays, which target a wider net of people with automated attempts to essentially guess passwords.

In the latest hack, instead of targeting organizations directly, the hackers broke in through a software backdoor and used it as a springboard to reach their marks. They sneaked their malicious code into the legitimate software of a trusted software maker—an Austin, Texas-based company called SolarWinds Corp. and its software called Orion. As many as 18,000 companies downloaded the malicious SolarWinds update.

While U.S. government officials and cybersecurity experts have concluded that Russia is likely responsible for the hack, the actual perpetrator behind the breaches is less certain.

Some U.S. officials and experts suspect Russia’s foreign-intelligence service, known by the initials SVR, was behind the infringements, though other security experts involved in probing the hack believe a previously unknown Russian cyber-espionage group may be responsible.

Mr. Soldatov said that the hack could have been a joint operation between the SVR and the Federal Security Service, or FSB, Russia’s domestic spy agency, which is known for its extensive cyber capabilities and has experience with similar hacks. The SVR, on the other hand, doesn’t have the same cyber resources and technical expertise and would have been involved in providing intelligence on how and where to conduct the hack, he added.

Another Russian security agency, the military intelligence known as GRU, has gained notoriety in recent years and was linked by U.S. authorities to the cyber meddling during the 2016 election and other operations in subsequent years that knocked out Ukraine’s energy grid, exposed emails from the French president’s party and damaged global systems.

While there’s still uncertainty over whether the latest cyber theft involved collaboration among intelligence agencies, what’s clear is that, with competition rife between such organizations in Russia, pulling off a hack like this could be a way to get an edge on rivals, according to analysts.

“They all want to prove to the boss [Mr. Putin] that they are the best, the most imaginative, the most loyal,” Mr. Galeotti said. “They are all competing for access, for resources. Russia is a system where agencies can get devoured by their rivals if they look weak or inefficient.”

Russian officials have gone on the counter offensive, charging that their nation is the target of foreign hackers.

Konstantin Kosachev, the chairman of the foreign affairs committee of Russia’s upper house of Parliament, claimed last week that some 30% of hacking attacks on Russia come from the U.S.

Mr. Putin, while denying state-backed hacking campaigns, has defended Russian cyber spies in the past, comparing hackers to artists.

“If artists get up in the morning feeling good, all they do all day is paint. The same goes for hackers,” he said in 2017. “If they are feeling patriotic they will start contributing, as they believe, to the justified fight against those speaking ill of Russia.”

On Sunday, at a ceremony on the outskirts of Moscow commemorating an SVR anniversary, Mr. Putin praised the agency’s intelligence operations and said that it should focus on ensuring information security, among other topics.

“I know firsthand what we are talking about here, and offer my highest praise for these complicated and professional operations,” he said.

Write to Georgi Kantchev at [email protected] and Dustin Volz at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.

This post first appeared on wsj.com
