Has the US Fired a Cybershot at Russia?

The mystery over the sudden disappearance of a Russian-speaking cybercrime gang believed responsible for hacking more than 360 targets in the United States in 2021 alone has raised questions about whether the cyber "cold war" between Russia and the U.S. is heating up.

No one is sure why the group’s online footprint vanished earlier this week, but among the theories is that the United States took decisive action days after President Joe Biden promised consequences for the spate of highly damaging cyberattacks by Russian groups, primarily the one called REvil, reports NBC News.

This surprising development comes at the same time as the publication of an opinion piece on lawfare.com arguing that warnings by Washington that Moscow would face “consequences” for its involvement in cyber-sabotage and hacking of U.S. targets amounted to little more than governmental hand-wringing.

On July 9, Biden warned Russian President Vladimir Putin that the U.S. will take “any necessary action,” including imposing unspecified “consequences,” if Russia does not disrupt ransomware attacks from its soil.

“Biden’s warning on July 9 is the latest in a series of verbal threats against Russia by the Biden team since the 2020 election,” wrote Jack Goldsmith for Lawfareblog.com.

“In fact, we heard similar things in public from the Trump and Obama administrations,” said Goldsmith, Learned Hand Professor at Harvard Law School, co-founder of Lawfare and a Senior Fellow at the Hoover Institution.

But that was before news about REvil’s disappearance hit the headlines.

Russian cybercriminal actions have extended beyond fraud, theft and massive ransomware attacks to hacking into U.S. presidential campaigns and, most likely, attempting to influence the 2016 election.

In October 2016, U.S. intelligence officials told NBC News that the U.S. government is “contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election.”

“What is the point of this talk?” wrote Goldsmith. “How many times does the United States need to send the message? What is the message sent by sending so many messages?”

The combination of “puffed-up threats,” news reporting on government uncertainty about how to respond to cyber operations from Russia, a covert retaliatory operation, and then the next revelation about an unexpected and very damaging cyber operation “sends a clear message of extraordinary weakness,” wrote Goldsmith.

The U.S. could do much more, but at least two hurdles exist.

One is international law, which limits U.S. options, at least those involving forcible measures, in the face of the Russian operations below the threshold of uses of force or armed attacks.

The second, and more serious, hurdle is the threat of escalation with Russia, which of course has frightening potential, wrote Goldsmith.

The group REvil would seem to be the most obvious target of any counterattack by the United States.

In May, REvil hacked major meat supplier JBS, encrypting its computers and convincing the company to pay $11 million in exchange for a promise to not leak its files to an extortion blog it kept on the dark web, according to NBC.

Over the Fourth of July weekend, the group hacked the software company Kaseya, using its connectivity to the larger internet ecosystem to infect more than 1,500 organizations around the world.

The timing of Tuesday’s outage has sparked speculation that either American or Russian officials may have taken action against REvil, although officials have so far declined to comment and cyber experts say sudden disappearances of groups are not necessarily uncommon.

Yahoo’s cyber reporter, Joe Tidy, wrote on Wednesday, “The rumor mill is in hyperdrive about what’s behind this sudden shutdown but one hacker who claims to be an affiliate of the gang gave me some insights. I’ve yet to confirm his identity but other researchers say his claims are highly plausible.”

The source claims the “Feds took down” elements of their websites and so the cybercriminals “pulled the plug on the rest of their operation.”

Tidy wrote: “He also said there was pressure from the Kremlin too saying: ‘Russia is tired of the U.S. and other countries crying to them.’”

Other cybercrime analysts point out that ransomware gangs have been known to voluntarily disband, only to return under a different name.

Nancy Bilyeau is deputy editor of The Crime Report.