Russia's 'Info Warrior' Hackers

At WSJ, "How Russia’s ‘Info Warrior’ Hackers Let Kremlin Play Geopolitics on the Cheap":

The sprawling SolarWinds hack by suspected Russian state-backed hackers is the latest sign of Moscow’s growing resolve and improving technical ability to cause disruption and conduct espionage at a global scale in cyberspace.

The hack, which compromised parts of the U.S. government as well as tech companies, a hospital and a university, adds to a string of increasingly sophisticated and ever more brazen online intrusions, demonstrating how cyber operations have become a key plank in Russia’s confrontation with the West, analysts and officials say.

Moscow’s relations with the West continue to sour, and the Kremlin sees the cyber operations as a cheap and effective way to achieve its geopolitical goals, analysts say. Russia, they say, is therefore unlikely to back off from such tactics, even while facing U.S. sanctions or countermeasures.

“For a country that already perceives itself as being in conflict with the West practically in every domain except open military clashes, there is no incentive to leave any field that can offer an advantage,” said Keir Giles, senior consulting fellow at Chatham House think tank.

The scope of Russia’s cyber operations has grown in tandem with Moscow’s global ambitions: from cyberattacks on neighboring Estonia in 2007 to election interference in the U.S. and France a decade later, to SolarWinds, seen as one of the worst known hacks of federal computer systems.

“We can definitely see that Russia is stepping on the gas on cyber operations,” said Sven Herpig, a former German government cybersecurity official and expert at German independent public-policy think tank Stiftung Neue Verantwortung. “The development of new tools, the division of labor, the creation of attack platforms, has all increased in sophistication over the years,” he said.

Jamil Jaffer, a former White House and Justice Department official, said that cyber operations have become “a significant part of [Russia’s] play.”

“It’s allowed them to level up,” said Mr. Jaffer, senior vice president at IronNet Cybersecurity.

Russia has consistently denied engaging in state-backed hacking campaigns, including SolarWinds, maintaining that the country isn’t conducting offensive cyber operations. In September, Russian President Vladimir Putin proposed a reset of U.S.-Russia information-security relations.

“Russia is not involved in such attacks, particularly in [SolarWinds]. We state this officially and resolutely,” Kremlin spokesman Dmitry Peskov said recently. “Any allegations of Russia being involved are absolutely groundless and appear to be the continuation of a kind of blind Russophobia,” he said.

But analysts say that Moscow has added hacking to its arsenal of so-called gray-area activities—a type of warfare that stops short of actual shooting—alongside disinformation campaigns and the use of “little green men,” the masked soldiers in green uniforms who appeared with Russian arms on Ukrainian territory in 2014.

Jeffrey Edmonds, a former White House and Central Intelligence Agency official who studies Russia at CNA, a nonprofit research organization that advises the Pentagon, said that Russia’s cyber operations have numerous simultaneous goals, including gathering intelligence, testing capabilities, preparing for potential conflict by mapping adversaries’ critical infrastructure and laying the groundwork for cyber negotiations.

Such operations are a relatively inexpensive and effective way to conduct geopolitics, said Bilyana Lilly, researcher at think tank Rand Corp. That is crucial for Russia, which is facing considerable economic and demographic challenges and whose economy is smaller than Italy’s. A 2012 article in an official Russian military journal said that the “complete destruction of the information infrastructures” of the U.S. or Russia could be carried out by just one battalion of 600 “info warriors” at a price tag of $100 million.

Responding to Moscow’s increased cyber activity has been a challenge. Washington’s retaliation measures—sanctions, property seizures, diplomatic expulsions, even the cyber equivalent of warning shots—appear to have done little to deter hacks...