A growing body of evidence suggests that pro-Russian hackers and online activists are working with the country’s military intelligence agency, according to researchers at Google. From a report: Western officials and security experts are interested in the possible Kremlin links because it would help explain Moscow’s intentions both inside and outside Ukraine despite recent military setbacks that prompted Russian President Vladimir Putin this week to announce a mobilization push. Officials in the U.S. and Europe have warned throughout the war that Russian hackers could lash out against Ukraine’s allies by targeting critical infrastructure and governments with cyberattacks, but so far that has largely failed to materialize.
Over the past few months, Google’s Mandiant cybersecurity group has observed apparent coordination between pro-Russian hacking groups — ostensibly comprising patriotic citizen hackers — and cyber break-ins by Russia’s military intelligence agency, or GRU. In four instances, Mandiant says it observed hacking activity linked to the GRU in which malicious “wiper” software was installed on a victim’s network. The initial wiper software caused disruption by destroying computer systems across the organization. Then, the hacktivists entered the picture. After each of these hacks — within 24 hours of the wiping — the hacktivist organizations have published data stolen from the same organizations.