New Russian hacks spark calls for tougher Biden actions

Officials are calling for harsher measures against Russia following Microsoft’s assessment by that hackers behind the devastating SolarWinds hack were continuing to launch cyberattacks against U.S. government agencies and other organizations. 

President Biden just last month levied sweeping sanctions on Russia in retaliation for both the SolarWinds hack and election interference. But in the wake of the new hacking efforts, some officials are urging the Biden administration to get tougher.

“If Moscow is responsible, this brazen act of utilizing emails associated with the U.S. government demonstrates that Russia remains undeterred despite sanctions following the SolarWinds attack,” House Intelligence Committee Chairman Adam Schiff (D-Calif.) said in a statement Friday. “Those sanctions gave the administration flexibility to tighten the economic screws further if necessary — it now appears necessary.”

Senate Intelligence Committee Chairman Mark Warner (D-Va.) had similar thoughts.

“We have to step up our cyber defenses, and we must make clear to Russia – and any other adversaries – that they will face consequences for this and any other malicious cyber activity,” Warner said in a separate statement Friday.

Microsoft announced Thursday night that a sophisticated Russian hacking group they named “Nobelium” had gained access to an email marketing account used by the U.S. Agency for International Development (USAID) to target other organizations with malicious phishing emails.

The emails continued a link that would install a backdoor if clicked on that could allow the hackers to steal data and infect other computers in the network. While most of the attacks were blocked, around 3,000 email accounts at 150 different organizations in two dozen countries were targeted, including government agencies and think tanks. 

Microsoft assessed that Nobelium is the same group behind last year’s SolarWinds hack. The incident, one of the largest in U.S. history, allowed the hackers to compromise at least nine federal agencies and 100 private sector groups. 

“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Tom Burt, Microsoft’s corporate vice president for Customer Security and Trust, wrote in a blog post announcing the findings last week.

The tensions come as Biden prepares for a summit with Russian President Vladimir Putin in mid-June.

The U.S. intelligence community earlier this year formally assessed the SolarWinds hack was carried out by Russian state-sponsored hackers. In April, Biden announced a sweeping sanctions, but warned that he would impose harsher measures if the malicious cyber activity continued.

“The United States is not looking to kick off a cycle of escalation and conflict with Russia,” Biden said as part of a speech last month. “We want a stable, predictable relationship. If Russia continues to interfere with our democracy, I am prepared to take further actions to respond.”

The federal government has not formally blamed Russia for the recent activities announced by Microsoft. The latest incident was also far less damaging than the SolarWinds hack, with Microsoft announcing Friday afternoon that they were “not seeing evidence of any significant number of compromised organizations at this time.”

The Cybersecurity and Infrastructure Security Agency (CISA), which responded to the incident alongside the FBI, late Friday released a statement stressing that it had “not identified significant impact on federal government agencies resulting from these activities.” 

“CISA continues to work with the FBI to understand the scope of these activities and assist potentially impacted entities,” the agency said.

But following escalating cyber threats from Russia, including a Russia-based cyber criminal group’s recent ransomware attack on Colonial Pipeline, officials are voicing concerns that more steps should be taken.

“Russia must be held accountable for its continued malicious activity against our networks,” Rep. Jim Langevin (D-R.I.), the chair of the House Armed Services Committee’s cybersecurity subcommittee, told The Hill Friday. “I hope the Biden administration will strongly consider all available options – including increased sanctions – as it determines our response to this blatant intrusion.”

House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) described the potential new Russian actions as “disturbing.”

“If the reporting so far is accurate, it is clear we are dealing with an adversary that is difficult to deter and we must behave and defend our networks accordingly,” Thompson told The Hill in an emailed statement. “Moving forward, the government and the private sector will have to do better. Collectively, we need to keep our foot on the gas.”

Committee ranking member John Katko (R-N.Y.) agreed, telling The Hill Friday that he “believes Russia will not stop attempting to undermine U.S. cyber space until they know the consequences will be dire.”

“Earlier sanctions were a necessary first step, but we must continue the full court press,” Katko said. “That reality is now more evident than ever before— after repeated attacks on U.S. cyber infrastructure, we must take a stronger stance and hold Russia accountable.”

Mark Montgomery, senior fellow at the Foundation for Defense of Democracies, pointed to Biden’s statement in citing the need to hold Russia accountable if the administration determines it is behind the new incident.

“If you make a statement like that, President Biden is a man of his word, we need to take more aggressive measures, both sanctions and other elements of the defend forward strategy,” Montgomery told The Hill Friday. 

Montgomery stressed that the sanctions were part of a larger toolbox of ways to address the hacking efforts, including diplomacy, law enforcement actions, and the use of U.S. cyber capabilities against Russia.

“The only way to establish deterrence throughout all of cyberspace is a balance of offense and defense, so it would be appropriate for us to be taking actions against the kind of critical infrastructure that conducts these kinds of operations,” Montgomery said. 

A spokesperson for the White House’s National Security Council (NSC) told The Hill in an emailed statement that CISA was “actively managing this incident” and working with USAID, and that the NSC was “monitoring the situation closely.”

“While we may learn more, this is basic phishing which is blocked by most systems automatically,” they stressed. “As Microsoft’s blog noted, it’s likely to have been blocked by automated systems as spam. If an email got by the automated systems, a user would still have to click on the link to activate the malicious payload. And we should all know better than to click links in unknown emails.”

The spokesperson pointed to improvements made to federal cybersecurity through a newly issued executive order recently signed by Biden. 

“Each of these incidents underscores the importance of the president’s executive order and the aggressive but achievable efforts it outlines and the partnership between the government and private sector in addressing these threats,” the NSC spokesperson said. 

While the cyberattacks will likely be on the Biden-Putin summit agenda, Montgomery cautioned that while diplomatic efforts were useful in responding to Russian hacking efforts, the meeting alone would likely do little to address the immediate threat. 

“I don’t think he’s going to look into Putin’s eyes and see anything other than an authoritarian rogue,” Montgomery said of Biden’s meeting with the Russian president. “I think our actions will speak much louder than any words that Putin hears.” 

-Updated at 10:25 a.m.