Exclusive: FBI and DHS warn U.S. officials of possible Russian cyberattacks linked to invasion of Ukraine

The Federal Bureau of Investigation and the Department of Homeland Security on Monday warned law enforcement, military and others charged with overseeing critical U.S. infrastructure to be prepared for potential Russian cyberattacks in conjunction with a possible invasion of Ukraine.

During a Monday afternoon conference call, the nation’s top cybersecurity officials briefed state and local government agencies and cybersecurity personnel, warning them to look out for signs of Russian activity on their networks. The federal officials also urged those on the call to dramatically lower their threshold for reporting suspicious activity.

A Russian invasion of Ukraine could begin at any time, the officials said, and the military action is also likely to be accompanied by cyberattacks targeting Ukrainian and possibly also U.S. networks. Officials underscored that the U.S. believes Russia’s invasion of Ukraine is likely to begin with aerial bombings and missile attacks and in conjunction with cyber operations.

Two people who were on the call told Yahoo News that they were alarmed by how many people on the call appeared not to know the process for reporting suspicious cyberactivity.

“This is the most basic thing: How and to who do you report suspicious activity on your network?” one person said. “That people don't know what to do at this point is just a real failure.”

Officials said they are currently seeing an uptick in Russian scanning of U.S. law enforcement networks and urged a heightened state of vigilance.

“While there are not currently any specific, credible threats to the United States, we are mindful of the potential for Russia to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” a DHS spokesperson told Yahoo News. “DHS has been engaging in an outreach campaign to ensure that public and private sector partners are aware of evolving cybersecurity risks and taking steps to increase their cybersecurity preparedness.”

The cyber component of the Russian offensive is likely to begin just before an aerial bombing or missile attacks and would be likely to continue throughout the conflict.

The U.S. has been working with Ukraine to harden its infrastructure networks from likely Russian cyberattacks and will continue to do so as it braces for an all-out assault, one official said.

President Vladimir Putin of Russia addresses a press conference in Moscow.
President Vladimir Putin of Russia on Feb. 7. (Thibault Camus/Pool via Reuters)

FBI and DHS cyber officials urged participants on Monday’s call to patch all systems and urged them to report anything unusual, no matter how small. Their goal is to be able to detect the smallest of tremors inside U.S. networks that might indicate Russian activity, they said. This will help DHS and the FBI to identify the impacted networks and assist in a response. The officials leading the call also stressed the need for government and other cybersecurity personnel to have a plan in place in the event their network is targeted or compromised.

Several intelligence bulletins were sent out ahead of the call, including one dated Jan. 23 from DHS’s Office of Intelligence and Analysis titled “Warning of Potential for Cyber Attacks Targeting the United States in the Event of a Russian Invasion of Ukraine.”

“We assess that Russia would consider initiating a cyberattack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,” the bulletin states. “Russia maintains a range of offensive cyber tools that it could employ against US networks — from low-level denials-of-service to destructive attacks targeting critical infrastructure. However, we assess that Russia's threshold for conducting disruptive or destructive cyberattacks in the Homeland probably remains very high and we have not observed Moscow directly employ these types of cyberattacks against US critical infrastructure — notwithstanding cyber espionage and potential prepositioning operations in the past.”

The bulletin also warns that the specifics of the cyberthreat may change.

"The evolving nature of the current military escalation on Ukraine's border and ongoing dialogue between Moscow and Washington could influence Russia's actions, including options for targeting the United States," it states.

During Monday’s call, officials said the U.S. is currently seeing an uptick in Russian disinformation and misinformation about Ukraine. The FBI and DHS sent out an intelligence bulletin on the increase in disinformation. They also sent participants on the call other intelligence bulletins and advisories and technical indicators associated with previous successful Russian cyberattacks against U.S. networks.