The alleged Russian hacking of President Emmanuel Macron’s En Marche party on the final day of the French election campaign this month was perhaps no big surprise. To many who suspect Russia of trying to destabilise western democracy, the attack was a logical follow-on from its supposed interference in last year’s US presidential election.
This and other attacks on US and European targets have, in western eyes, made Russia the most feared state-sponsored cyber attacker.
China, with its focus on corporate espionage, was previously considered the most serious threat but it has scaled back its operations, experts say.
Russia has now taken this mantle in both the corporate and political arenas. Daniel Coats, the US’s director of National Intelligence, is clear about the threat the country poses. “Moscow has a highly advanced offensive cyber programme, and in recent years the Kremlin has assumed a more aggressive cyber posture,” he told the Senate Select Committee on Intelligence this month.
Mr Coats added: “This aggressiveness was evident in Russia’s efforts to influence the 2016 US election, and we assess that only Russia’s senior-most officials could have authorised the 2016 US election-focused data thefts and disclosures, based on the scope and sensitivity of the targets.”
James Lewis, senior vice-president at the Center for Strategic and International Studies, a Washington DC-based think-tank, says the Russians “probably feel that for the amount of turmoil they created in the US presidential campaign, what they did was something of a success”.
He adds: “We now have to watch how they will go after European politics and elections. Two things make me think it’s a threat. First, it’s been Russian doctrine for years. Second, Putin himself appears deeply committed to destabilising western democracy.”
The EU is updating its cyber defences in response. Sir Julian King, the European commissioner for the Security Union, which aims to strengthen the common fight against terrorism and organised crime among EU member states, says: “I do not wish to comment on specific allegations of Russian state-sponsored cyber attacks on European governments and companies, because the threats originate from all over the world, from all kinds of organisations and people — unfriendly states, criminal gangs, terrorists and disaffected individual hackers.
“That’s why the EU is reviewing its cyber security strategy, which dates from 2013. In digital terms that’s the Middle Ages.”
Mary McCord, the former acting assistant attorney-general for national security at the US Department of Justice (DoJ), who spoke to the FT just before she stepped down from her position in May and before the head of the FBI, James Comey, was fired by US President Donald Trump, said: “The Russian cyber activities directed against the US, including last year’s theft of email messages from political organisations in an effort to interfere with the US election, are a serious threat and deserve a serious set of responses.”
Ms McCord added: “One of those responses has been a detailed and thorough investigation, which the FBI has previously announced is ongoing.”
Mr Comey’s sudden dismissal initially seemed to have thrown the future of the investigation into doubt. The inquiry was also probing whether Mr Trump or anyone in his campaign team colluded with the Russians to hack into the emails of his Democratic rival Hillary Clinton during the 2016 presidential election campaign. However, a few days after Mr Comey’s sacking, Andrew McCabe, the FBI’s acting director, insisted the agency’s Russia probe would not be knocked off course.
Ms McCord also pointed to firm evidence that Russian agents had already been actively targeting US interests. The DoJ and the FBI announced in March that four people — including two officers of the FSB (the Russian Federal Security Service) — had been indicted for hacking into Yahoo’s network and stealing information from more than 500m webmail accounts.
She said: “I would also refer you to the recent Yahoo indictment which shows that FSB officers were involved, and, in some instances, even protected, directed, facilitated and paid criminal hackers to conduct computer hacking.”
The threat from China is receding, Ms McCord added. “We have deployed a combination of US government actions to change China’s behaviour and win a historic commitment from President Xi that China will not conduct or support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
Britain’s Defence Secretary Sir Michael Fallon warned in a recent speech about Russia’s “use of cyber weaponry to disrupt critical infrastructure and disable democratic machinery” in the west and to “weaken” Nato.
Sorin Ducaru, assistant secretary-general for emerging security challenges at Nato, the western military alliance, says that “states and non-state actors are increasingly using cyber attacks to achieve a wide range of tactical or strategic objectives”. Of Russia’s involvement, he says: “I would draw attention to recent public reports regarding cyber attacks against critical infrastructure, such as the case in 2015 in Ukraine, and against government computer systems, such as the German Bundestag in 2015/2016.”
John Hultquist, cyber security analysis manager with cyber security company FireEye, says countless attacks can be traced back to Russia. “The groups known as APT 28 and APT 29 have conducted espionage activity that has primarily targeted entities in the US, Europe and the countries of the former Soviet Union,” he says.
“After APT 28 has compromised a victim organisation and stolen internal data, the data are leaked to promote political narratives aligned with Russian interests, often using a false ‘hacktivist’ persona.”
More than 89 per cent of the malware samples attributed to APT 28 by Mr Hultquist’s team were compiled during the hours of the Moscow and St Petersburg working day. Early versions of APT 28’s signature Gamefish malware contained Russian language artefacts, he adds.
The Financial Times asked the Russian Ministry of Foreign Affairs to comment on the many allegations of Russian government complicity in cyber attacks against the west, but it declined.
Although the threat from Russia seems to be increasing, the good news for western businesses and governments is that Chinese-linked cyber attacks seem to be decreasing, although they have not gone away completely.
Mr Hultquist says that from late 2015 to 2017, his company observed China-based groups compromising commercial corporations’ networks in the US, Europe and Japan. “Additionally, Chinese operators have targeted government, military and commercial entities in the countries surrounding China.”
Wieland Alge, general manager for Emea at security provider Barracuda Networks, agrees that hacking by Chinese state groups has “massively” reduced. “Ten years ago China did not have much to lose so they took a lot of risks stealing intellectual property and engaging in corporate espionage,” he says. “Now its economy is more developed, so they have something to lose if they continue antagonising the west.”
Get alerts on Cyber warfare when a new story is published