The FBI and Justice Department in Washington on Feb. 20, 2021. (AP Photo/Evan Vucci). U.S. Blames Russia-led Hack Attacks against Ukraine’s Economic Infrastructure.
WASHINGTON—A government cybersecurity agency accused a Russian hacking group of targeting the financial system of at least five major Ukrainian banks that has been accused by Western governments of trying to steal billions of dollars from their accounts.
The Federal Bureau of Investigation said Sunday it had identified the hackers as “a highly sophisticated nation-state threat actor engaged in broad offensive efforts across multiple sectors in recent weeks.”
“The international community will be watching closely as we respond to this attack,” said Christopher Wray, director of CBP’s Cyberspace and Assigned Risk division. He added that the department is working with agencies around the world whose systems have also been targeted in the attacks.
The attacks on the Ukrainian banking system have so far only been reported publicly for one week. That was from March 17 through Oct. 2 when Russian state media reported a cyberattack on two Ukrainian state-owned banks that took place more than a month earlier that affected some $11 billion in assets.
The initial reports did not provide further details about what the attackers were seeking and said nothing of the sophistication of the tools used in the operation. In subsequent months, security researchers reported being able to identify many of those same tools used in the latest attacks.
The State Department’s top security official told reporters Sunday that he thought the intrusion posed an ongoing risk to the United States but the agency’s president said the most important reason to focus on the Ukraine issue now wasn’t just because of the hack-and-leak activity.
“This isn’t something we can ignore,” Secretary of State Antony Blinken said. “We have our eyes on it and we need to know the extent of the damage that they are causing.”
The U.S. government is blaming Russia by name as part of its response to the attacks. President Donald Trump last week called Russia a “truly evil country” while noting that officials were still gathering information on how these attacks are going and how to respond, which officials described as espionage activity by an adversary.
The cybersecurity agency said Monday that of 4,200 bank accounts accessed by suspected hackers, 3,800 had zero or no value. But authorities said that of 35,000 accounts linked to individuals who had opened them that day, roughly 10,000 had significant value. Because there were no transactions in any of the accounts, there was no evidence of money laundering.
Three months after the first report of a hack-and-leak operation by Reuters and other outlets, the White House last week formally notified Congress that the Kremlin had directed the GRU military intelligence service known as SVR to “investigate and disrupt” adversaries of the United States, European Union, Canada, Australia, and other countries.