With Russia continuing to face setbacks in its war against Ukraine, experts warn Russian President Vladimir Putin may escalate his cyber operations in the November midterms as retaliation for U.S. involvement in the conflict.
Recent cyberattacks against U.S. state government and airport websites that Moscow-backed hackers have claimed responsibility for may have been testing grounds for such Russian efforts to interfere in the upcoming election, posits James Turgal, vice president of cyber consultancy Optiv.
“They started out hitting the websites of those particular states as a test bed to see how it works,” said Turgal, who previously served as the executive assistant director for the FBI’s information and technology branch.
“Clearly, they’re amping up [their cyber operations] … and pressure is starting to increase,” he added.
Other experts similarly warn Russia may intensify its efforts to interfere in the American election, as a means of distracting the U.S. from assisting Ukraine or as retribution for that ongoing support.
“The Russian government likely views electoral interference and voter influence ahead of the US midterm elections as an appropriate response to the US’s defensive military support to Ukraine and to US participation in unprecedented international sanctions that have isolated Russia and heavily damaged its economy,” reads a report from cybersecurity firm Recorded Future published Thursday.
The warnings come as some officials have described Putin and the Russian military becoming “desperate” in recent weeks as the country’s forces have lost ground and momentum amid a massive Ukrainian counteroffensive in southern and eastern Ukraine.
In an address on Saturday, Ukrainian President Volodymyr Zelensky estimated that nearly 65,000 Russians have been killed since the invasion began in February.
Although hesitant to put U.S. boots on the ground, the Biden administration has sent billions of dollars in military and economic aid to Ukraine since the onset of the war. The U.S. has also provided technical assistance in cyber space to Ukrainian forces.
Turgal, who argues American weapons systems are “mostly” responsible for Putin’s mounting losses in Ukraine being “so visible”, said the U.S.’s continued involvement in the war could trigger the Russian leader to ramp up his cyber arsenal and use it to interfere in the midterms.
He pointed to the recent series of cyberattacks purportedly carried out by Russian-backed hacking group Killnet as possible precursors to more sophisticated and destructive types of Russian cyberattacks against the U.S. election system.
Earlier this week, Killnet claimed responsibility for launching a series of cyberattacks aimed at more than a dozen websites of major U.S. airports.
The Atlanta and Los Angeles international airports were among the 14 airports impacted by the attack.
Last week, Killnet also claimed responsibility for knocking several U.S. state government websites offline, including in Colorado, Mississippi and Kentucky.
Turgal explained that the effectiveness of potential Russian cyber operations against the U.S. will depend on which hacking proxy group the country decides to use, noting that Killnet typically launches unsophisticated types of cyberattacks like distributed denial of service attacks, in which hackers disrupt and overwhelm a server with internet traffic causing it to shut down.
“If it’s the Killnet level of sophistication, then they will probably not be that successful,” Turgal said.
But Turgal warned that as November approaches, it’s likely that critical sectors and government websites will experience more sophisticated types of attacks.
“As we get into the latter part of this month, and certainly in the first week of November, I think you’re going to see a number of [sophisticated] attacks,” he said.
Jason Blessing, a research fellow at the American Enterprise Institute, agreed that the U.S. should expect the Kremlin to step up its cyber operations leading up to and during the midterms, but he doesn’t see election meddling as directly tied to the events on the ground in Ukraine.
“Russian meddling in U.S. elections is a near-given at this point, and the military and intelligence units undertaking cyber operations in Ukraine are going to be different from the units carrying out malicious activity against the U.S.,” Blessing said.
However, he did acknowledge that as the U.S. continues to support Ukraine, it will only make the country a “greater target” for Russia, particularly its critical infrastructure and election system.
“Putin knows that the Ukrainians cannot achieve a decisive victory without Western support, particularly from the U.S.” Blessing said.
“As a tough winter approaches in Ukraine, Putin is not likely to pass up the opportunity to distract U.S. war support by injecting chaos into the midterm elections,” he added.
Recorded Future’s report this week noted the war in Ukraine has likely put a strain on Russia’s strength, capabilities and influence, but said the firm does not believe that will deter Moscow from trying to interfere and influence the U.S. midterm election.
The U.S. has been preparing for months to counter various cyber threats ahead of the election. Government officials have repeatedly said, however, that at the moment they are not aware of any credible or specific threats that would compromise or disrupt the election system.
Last week, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory assuring the public that any attempts to manipulate votes at scale will be detected and thwarted.
The federal agencies also said that any attempts to jeopardize the election system are “unlikely” to cause large-scale disruptions or prevent voting.
In a recent interview with CNBC, White House National Cyber Director Chris Inglis said that his office and other government agencies are aware that foreign adversaries are attempting to affect the confidence of the election. However, he said the government and the private sector have put measures in place to counter those threats.
During the interview, Inglis also noted that Putin is realizing how difficult it is to carry out cyber offensive operations, as they don’t always turn out to be as effective as anticipated.
“If we examine what we’ve seen in the physical domain, it’s harder for Putin to exercise a coordinated, synchronized set of attacks than he might have imagined,” Inglis said.
“I think you can lift and shift that [premise] into cyberspace,” he said, adding that carrying out cyber offensive attacks is harder than it looks.
However, he was quick to caution that the U.S. should still remain wary as there are still some critical infrastructures that are not well-defended against cyberattacks and could become targets.
“We’re still viable for sucker punches,” he said.
Federal agencies are also cautioning against the spread of disinformation ahead of the midterms. Earlier this month, the FBI and CISA released another joint advisory, that time warning the public that foreign actors are likely to manipulate information as a tactic to influence voters and the outcome of the election.
“As with previous election cycles, foreign actors continue to knowingly spread false narratives about election infrastructure to promote social discord and distrust in U.S. democratic processes and institutions, and may include attempts to incite violence,” the advisory read.
Experts have said that Russia’s playbook has always been to divide the country along party lines and suppress voter turnout.
“The Russians have been carrying out information operations and trying to undermine American democracy for a long time,” said Michael Daniel, president and CEO at Cyber Threat Alliance.
“Anything that weakens the U.S. or causes us to spend more time looking internally than externally, all of that is beneficial from [Putin’s] perspective,” he added.