In this series of articles we review US sanctions on Russia: their chronology, what they cover and why they were imposed. The article was prepared for publication by volunteers of the Res Publica – Civic Resilience Center.
Over the past decade the Russian government has mounted more than a dozen significant cyberattacks against foreign countries, sometimes to help or harm a specific political candidate, sometimes to sow chaos, but always to project Russian power. Starting in 2007, Russia attacked former Soviet republics such as Estonia, Georgia and Ukraine, and then branched out to Western nations such as the US and Germany. US intelligence officials and cyber experts say that the strategy of pairing cyberattacks with online propaganda was launched by Russian intelligence a decade ago and has since been refined and expanded.
The first significant attack came in April and May 2007. Estonia, a small Baltic nation occupied by the Soviet Union until 1991, angered Moscow by planning to relocate a Soviet World War II memorial in Tallinn and the associated soldiers' graves. Attacks attributed to Russia followed: a weeks-long distributed denial of service (DDoS) campaign knocked the websites of government offices, banks and media outlets offline, an especially harsh blow in one of the world's most internet-dependent economies. The attacks disrupted communications and online services rather than "disabling" Estonia's internet outright.
The next year, in August 2008, when Russia invaded Georgia, Russian hackers launched DDoS attacks on Georgian government and media websites in parallel with the military operation, the first time Russia is known to have coordinated military and cyber action. Georgia's internal communications were effectively shut down.
January 2009: As part of an effort to pressure the president of Kyrgyzstan into evicting an American military base, Russian hackers took down two of the country's four internet service providers with a DDoS attack. The pressure succeeded: Kyrgyzstan announced the closure of the base and subsequently received about $2 billion in aid and loans from the Kremlin.
August 2009: On the first anniversary of the invasion, DDoS attacks attributed to Russian hackers and aimed at a Georgian blogger took Twitter offline and disrupted Facebook.
March 2014: For the second time, the Russian government allegedly coordinated military and cyber action. A DDoS attack 32 times larger than the largest known attack used during the invasion of Georgia disrupted the internet in Ukraine while Russian troops and Russian-armed pro-Russian militias were seizing control of Crimea.
May 2014: Three days before Ukraine's presidential election, a Russia-based hacking group took down the systems of the country's Central Election Commission in an overnight attack. Even the backup system was taken down, but Ukrainian computer experts restored the system before election day. Ukrainian police said they arrested hackers who were trying to rig the results. The attack was aimed at creating chaos, hurting the nationalist candidate and helping the pro-Russian candidate. Russia's preferred candidate lost.
May 2015: German investigators discovered that hackers had penetrated the computer network of the Bundestag, the most significant hacking attack in German history. The BfV, Germany's domestic intelligence service, later said that Russia was behind the attack and that the attackers were seeking information not only about the workings of the Bundestag but also about German leaders and NATO, among others. Security experts said the hackers also tried to penetrate the computers of Chancellor Angela Merkel's Christian Democratic Union (CDU).
December 2015: Hackers believed to be operating from Russia gained access to the control networks of three Ukrainian regional electricity distribution companies, remotely opened breakers, locked operators out of their own systems and wiped workstations, leaving about 225,000 customers without power for up to six hours.
2015 – November 2016: In the US, Russian hackers penetrated the computer networks of the Democratic National Committee and gained access to the personal emails of party officials, which were then distributed to the global media through WikiLeaks.
October 2015: Security experts believe that the Russian government tried to hack into Dutch government computers to obtain the Dutch Safety Board's report on the shooting down of Malaysia Airlines Flight MH17 over Ukraine.
January 2016: A security firm announced that it believed Russian hackers were behind attacks on Finland's Foreign Ministry several years earlier.
In March 2018 US-CERT (the United States Computer Emergency Readiness Team) reported that the Russian government had been conducting a multi-stage intrusion campaign that first targeted the networks of small commercial facilities as staging points, where the attackers deployed malware, stole data and established remote access, and then pivoted to the intended targets, especially networks in the energy sector. The alert noted that this access was used to reconnoitre IT networks and to collect information about industrial control systems (ICS). Intrusions were detected at at least a dozen US power plants, water utilities, government agencies and aviation companies.
In 2020 a group linked to Russia's foreign intelligence service (SVR), known as APT29 or Cozy Bear, compromised the software build process of SolarWinds and inserted a backdoor into signed updates of the company's Orion network-monitoring platform, which customers then installed as routine updates. Through this supply-chain attack they broke into many US government agencies, including the Treasury, Commerce and Energy Departments and the National Nuclear Security Administration. The intrusion was considered so serious that on 12 December 2020 the US government held an emergency meeting to discuss the situation.
In February 2021 the industrial cyber security company Dragos Inc. reported that since 2017 the so-called Sandworm team, Unit 74455 of the GRU (Russia's military intelligence agency), had been regularly targeting electric utilities, oil and gas companies and other industrial facilities.
On 7 May 2021 a ransomware attack forced the shutdown of the Colonial Pipeline, which supplies about 45% of the gasoline, diesel and jet fuel consumed on the US East Coast. The FBI attributed the attack to the DarkSide ransomware group, active since August 2020, which encrypts victims' computer systems and then demands a ransom from their administrators. Following the attack, President Joe Biden said there was no direct evidence that the Russian government was responsible, but that there was evidence the ransomware used in the attack came from Russia.
– In 2015 and 2016 Executive Orders 13694 and 13757 imposed sanctions on persons who conduct malicious cyber activities that (1) harm critical infrastructure, (2) are carried out for financial or commercial gain, (3) significantly disrupt the availability of computers or computer networks, or (4) interfere with US electoral processes.
– In 2018 Executive Order 13848 imposed sanctions on foreign persons found to have engaged in, sponsored, concealed or otherwise been complicit in foreign interference in US elections.
– Section 224 of the Countering Russian Influence in Europe and Eurasia Act of 2017 (CRIEEA, 22 U.S.C. 9524) imposes sanctions on persons who, on behalf of the Russian government, knowingly engage in significant activities undermining cybersecurity against any person, including a democratic institution or government.
– In 2021 Executive Order 14024 imposed sanctions on persons who, on behalf of the Russian government, are responsible for or have engaged in malicious cyber activities, electoral interference or damage to democratic processes and institutions, along with other "harmful foreign activities".
Under these authorities, as of June 2021, US sanctions had been imposed on nearly 170 Russian individuals and entities, including the Federal Security Service (FSB) and the Main Intelligence Directorate (GRU). The sanctions list also covers an entire network of people associated with the Russian oligarch Yevgeny Prigozhin, who financed influence operations targeting the United States as well as political, security and economic operations in Africa.