NSA cyber director warns of ransomware attacks on Ukraine, Western supply chains

SAN FRANCISCO — Russian hackers are attempting to inject ransomware into Ukraine's logistics supply chain and those of the Western countries that back Kyiv in its fight against Moscow, a senior National Security Agency official said on Wednesday.

“Wars are won and lost by logistics. And Russia painfully appreciates that because they are doing so poorly in their own logistics,” NSA Director of Cybersecurity Rob Joyce told reporters during a roundtable at the RSA Conference.

“I think they're trying to figure out what is the way they disrupt the logistics internal to Ukraine, but especially all of the surge that the West has been able to bring for both lethal and humanitarian goods flowing into Ukraine,” he added.

The tactic represents a shift for Moscow, which many expected would hammer Ukraine with a digital offensive that would cripple the country’s critical infrastructure and provide the Kremlin a quick, easy victory.

However, aside from an attack targeting American commercial satellite internet company Viasat, there have been few significant cyber incidents since Russia invaded 14 months ago. Meanwhile, Ukraine’s digital forces, with the assistance of the U.S. public and private sectors, have been able to withstand a continuous deluge of smaller hacks by Moscow.

Joyce said Poland — which has emerged as one of Ukraine’s most ardent supporters, supplying tanks and fighter jets to its once bitter rival — “certainly” had been the victim of malicious activity, a possible reference to cyberattacks featuring “Prestige” ransomware that Microsoft last year attributed to Iridium, a Russia-based hacking group.

“We've seen a significant amount of intelligence gathering into the western countries to include the U.S. in that logistics supply chain,” he said. “I've not seen the ransomware deliberately thrown at U.S. companies but that is a concern as they increasingly tried to disrupt that supply chain.”

Joyce declined to speculate on what kind of impact a successful supply chain attack on a U.S. entity would mean for Washington’s involvement in the conflict.

“But I do consider it a significant escalation in tactics and capabilities if they choose” to go after targets outside of Ukraine, he said.


‘Adds to the noise’

Joyce also said he was “not a fan of amateur citizens taking up cyber arms” to fight in foreign conflicts.

“When you're at war, I certainly understand you're going to deploy all means necessary,” he told reporters, referring to some of the online militias that have formed to bolster Ukraine’s government.

However, when an individual in Europe or the U.S. “decides that they are going to take on hacktivist activities on behalf of Ukraine — I think that's over the line.”

“It's an inherently government activity. It impacts our ability to set and enforce norms. And it also adds to the noise,” Joyce explained. “There's a lot of nation state activity being cloaked in the guise of activists. When we add that ambiguity we're giving cover and allowing Russia to do things that they can point to … out into the misinformation disinformation space.”


Martin Matishak

Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.