The Peril of Pentagon Orders Russian Cyber Defense ‘Stand Down’

cyber, cyber operations, cyber threat, espionage, counterespionage, counterintelligence, russia

If it doesn’t frighten you, it should. “The Trump administration has ordered the United States to end offensive cyber operations targeting Russia, . . .” (US News, Mar. 2025) Russia, or more particularly the Russian FIE, poses a grave threat to U.S. national security. Threats posed by this state-actor and its state-supported proxies are grave both in terms of capability and intent. Russia has consistently demonstrated its capacity to execute sophisticated cyber operations targeting governments, corporations, critical infrastructure and individuals. The perils are multi-dimensional, including espionage, cyber warfare (or “war in the grey”), information operations, subversion, ransoming and economic disruption. Examples of Russia’s malign and nefarious cyber activity are plentiful; recently, however, the U.S. and Ukraine seem to bear the brunt of Putin’s ire. Here are some points to consider:

1. State-Sponsored Cyber Warfare

  • Russia’s GRU Unit 74455, a/k/a “Sandworm”, conducts offensive cyber operations, often targeting critical infrastructure of the U.S., its allies and shared economic interests.
  • The 2017 NotPetya attack caused over $10 billion in global damages, hitting Maersk, FedEx, and other major commercial concerns. This agent was designed for penetration of a particular type of accounting software used in Ukraine. While not specifically targeting the U.S., the global fallout of NotPetya getting into the wild is instructive. In financial terms, it was among the greatest events of “collateral damage during war” ever recorded.
  • Russian hackers have targeted Ukraine’s energy sector repeatedly. They have demonstrated a clear ability to take down critical infrastructure. Evidence of Russian FIS’s penetration of U.S. utilities, likely in search of weakness to exploit or to leave ‘back doors’ for future exploitation, has also been detected. Notably, Dragonfly 2.0, a Russian state-sponsored hacking group (also known as Energetic Bear), successfully infiltrated U.S. energy sector systems, including nuclear power plants.

2. Cyber Espionage

  • Groups like APT29 (Cozy Bear) and APT28 (Fancy Bear), linked to Russian FIE, have hacked into government agencies. They have repeatedly compromised U.S. official networks. The SolarWinds penetration in 2020 is instructive.
  • Ongoing efforts to steal classified or proprietary information from defense, aerospace, and technology sectors save Russia billions in research and development. From 2020 to 2021, Russian hackers compromised multiple U.S. defense contractors that provide support to the Department of Defense (DoD), U.S. Air Force, and Navy. APT28 “Fancy Bear” stole information related to weapon systems (including fighter jets and missile defense technologies, communications and surveillance systems, naval and space-based defense projects).

3. Election Interference & Disinformation

  • Russia has weaponized social media. Troll farms such as the Internet Research Agency and, more recently, AI-home-cooked content spread disinformation and misinformation to massive audiences.
  • Russian cyber actors hacked the DNC and Clinton campaign, leaking emails via WikiLeaks in efforts to subvert the U.S. political process.
  • Operation Project Lakhta was ordered directly by Vladimir Putin. This was a “hacking and disinformation campaign” to damage Clinton’s presidential campaign.
  • The Justice Department seized thirty-two internet domains used in Russian government-directed foreign malign influence campaigns (“Doppelganger”).

4. Ransomware & Financial Cybercrime

  • Russia harbors cybercriminal groups like Conti, REvil, and LockBit, which launch ransomware attacks on U.S. hospitals, businesses, and municipal corporations.
  • Many ransomware gangs operate with tacit Kremlin approval—as long as they don’t target Russian entities. For instance, REvil’s malware is designed to avoid systems using languages from the Commonwealth of Independent States (CIS), which includes Russia. This evidences a deliberate effort to steer clear of Russian entities.

5. Potential for Cyber Escalation

  • Russia has declared NATO and the West its “main enemy”. The risk of cyber retaliation is real. Russia has the capability to conduct supply chain attacks, disrupt banking systems, and interfere with military communications.
  • In 2020, Russian state-sponsored cyber actors compromised the software company SolarWinds, embedding malicious code into its Orion network management software. This supply chain attack affected approximately 18,000 organizations, including multiple U.S. government agencies and private sector companies. This was a surveillance mechanism which allowed Russia to monitor internal communications and exfiltrate sensitive data from the software users.
  • In 2008, Russia deployed specialty malware (“Agent.btz”) which penetrated the U.S. Department of Defense’s classified and unclassified networks. The breach, considered one of the most severe against U.S. military computers, led to the establishment of U.S. Cyber Command to bolster cyber defenses.

Conclusion

The Russian cyber threat is persistent, evolving, and highly strategic. The West has cyber defenses and deterrence strategies in place (like sanctions and counter-hacking operations); however, the current Administration’s order to terminate much of that effort cripples U.S. national security.

Quick to react to reporting of the DoD’s posturing, the Cybersecurity and Infrastructure Security Agency (CISA) tweeted, “CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.” Comforting; however, the words of a confidential source within CISA present a different picture. “A recent memo at the Cybersecurity and Infrastructure Security Agency (Cisa) set out new priorities for the agency, which is part of the Department of Homeland Security and monitors cyber threats against US critical infrastructure. The new directive set out priorities that included China and protecting local systems. It did not mention Russia, . . . analysts at the agency were verbally informed that they were not to follow or report on Russian threats, even though this had previously been a main focus for the agency.” (Guardian, Mar. 2025)

Russia is one of our most aggressive cyber adversaries, as well as being recognized by most nations as a ‘cyber threat pariah’ (i.e., most vocally by NATO, the EU and the U.N.). Given the President’s position on Russia, it’s impossible to say that the U.S. continues to harden critical infrastructure, surveil Russian FIE cyber efforts and accomplish effective countermeasures. Russia’s offensive cyber capabilities will remain a major security challenge for the foreseeable future. The question is, are we willing to handicap our efforts to meet our adversaries with robust cyber capability, or simply turn our heads away?

The Challenge of Spying on China

spy, spies, espionage, counterespionage, intelligence, counterintelligence, carlyle poindexter, constantin poindexter

The WSJ article on Wednesday (Challenge of Spying on China) is a sad reminder of the United States Intelligence Community’s apparent failure to accomplish any broad covert or clandestine penetration of the People’s Republic of China (PRC) in recent history. The lack of human intelligence (HUMINT) sources with meaningful access and placement deprives us of insight into Chinese decision making and immediate strategic threat intelligence and, perhaps more importantly, gravely impairs U.S. offensive counterintelligence operations.

Moving beyond the obvious difficulties with HUMINT operations within the PRC, reminiscent of the Cold War hostile operational environments, the Intelligence Community is overdue for a paradigm shift in human asset recruitment methodology. For the better part of the last century, the United States Intelligence Community relied on a steady flow of “walk-ins”, volunteers from opposing foreign intelligence services or governments that offered their countries’ secrets. Intelligence officers enjoyed a large degree of success based on a fairly global perception that Americans were the “good guys”, representatives of the land of fairness, equality and justice, qualities that stood in stark contrast to the ruthless and despotic republics from whence they came. Unfortunately, the mystique has faded leaving outsiders to wonder if the values that we promote to the world are nothing more than a hypocritical farce. Mass diffusion of the “Big Lie” throwing fair elections into question, an attempted coup d’etat by an outgoing president, and military involvement under highly questionable intelligence assessments erode the view once held that the United States is the “shining beacon to the oppressed”.

Chinese citizens enjoy a better standard of living than at any time in China’s history. China can rightfully boast that it is a world power and its population can justifiably be proud of its progress. Personal financial success and pride in country promote loyalty. That there is no broad internal rejection of onerous mass surveillance, social credit controls and ethnic cleansing as is the case with the Uyghurs, is a testament to the PRC’s ability to deny facts, deceive its population and prevent the import of non-PRC approved “truths” about freedom and justice within China. The Chinese cultural tendency to identify with the collective rather than the individual is likewise amplified by the PRC’s massive social control machine, with opposing or antagonistic perspectives effectively blocked by the Great Firewall or simply drowned out of public discourse by the volumes of Party-approved propaganda. The PRC’s strategy has created an environment that is more resistant to traditional intelligence recruitment techniques such as economic coercion, ideology exploitation and ego-stroking. Chinese intelligence service recruiters lean on the cultural affinity of ethnically Chinese living in the United States to turn them into spies, coerce them by alluding to what might become of their families living in China or deploy the time-tested technique of guanxi to achieve intelligence asset recruitments. United States intelligence officers do not enjoy a parallel or equivalent.

FBI Director Wray stated, “We’ve now reached the point where the FBI is opening a new China-related counterintelligence case about every 10 hours.” The threat is grave and our twentieth-century countermeasures, techniques and tradecraft are not appropriate for what many in the Intelligence Community deem the greatest threat to United States national security. Retooling, reimagining the intelligence recruitment cycle and modernizing the way that we approach the recruitment of sources is imperative.