US confirms military hackers have conducted cyber operations in support of Ukraine

(CNN) — Cyber Command, the US military’s hacking unit, has conducted offensive cyber operations in support of Ukraine as it defends itself against Russia’s invasion, the head of the command has confirmed.

The disclosure underscores how important projecting power in cyberspace — in support of Ukraine’s defenses and to potentially deter Russia from conducting cyberattacks against US infrastructure — has been to the Biden administration as it continues to avoid directly engaging Russia in a shooting war.

“We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations,” General Paul Nakasone said in an interview with Sky News. A spokesperson for the command did not dispute the accuracy of the article but declined to elaborate on what the command’s operations in Ukraine have entailed.

It’s a rare public acknowledgment from US military officials of hacking operations that are often shrouded in mystery.

Nakasone’s comments, and the White House’s response to them, suggest that cyberspace is a domain in which the Biden administration feels comfortable countering Russia without fear of escalation. President Joe Biden has pledged not to engage directly with Russia militarily during the Ukraine war so long as the US and its allies aren’t attacked.

“We don’t see it as such,” White House press secretary Karine Jean-Pierre said Wednesday when asked at a news conference whether Cyber Command’s actions contradicted Biden’s pledge.

Officials from Biden on down have for months warned about the threat of retaliatory Russian cyberattacks against US infrastructure after the US and its allies imposed sweeping sanctions on the Kremlin over its war in Ukraine.

While analysts have proffered a range of theories, including improvements in US defenses, for why such a hack hasn’t apparently happened yet, US officials tell CNN that Russian fear of escalation in cyberspace could be one factor.

For one, Moscow may not want to risk retaliatory US cyberattacks that could hinder Russian military operations, a senior US defense intelligence official told CNN.

The Russians have already had enough problems executing military operations in Ukraine. “I think that adding any kind of potential for US cyber into that mix … [is] probably factoring into their decision calculus,” said the official, who spoke on the condition of anonymity to speak candidly about a sensitive national security issue.

The paucity of Russian hacking on US targets may reflect the “fear of escalation and what the US response might be, particularly if the US response affects Russian combat power in some form or fashion,” the official added.

The statements, from an interview with a senior official tasked with keeping a close eye on Russian cyber activity, offer a window into US thinking on Russian hacking at a critical time in the war — as the Kremlin targets eastern Ukraine after failing to take Kyiv.

The official’s analysis also reflects the uncertainty and ambiguity of big-power competition in cyberspace, where governments try to keep each other guessing on their hacking capabilities and willingness to use them.

“For Russia, understanding the full scope of US cyber combat power is a gap for them which leaves them unsure about opening this front, at least at this time,” the senior US official said. “Cyber warfare is a new domain … It hasn’t been around long enough for any one nation-state to dominate it.”

‘Attribution in peacetime is tricky enough’

Analysts say Cyber Command has matured considerably since its inception more than a decade ago and has increasingly become a tool of US power projection. The command sent personnel to Ukraine in December, in anticipation of the Russian invasion, to help Kyiv bolster its cyber defenses and to gather information about potential Russian hacking threats, officials have said.

There are a range of activities, including low-level intrusions into computer networks, that may qualify as “offensive” cyber operations but which the Russians may not necessarily interpret as escalatory, according to Bobby Chesney, an associate dean at the University of Texas School of Law who focuses on cyber and national security law.

Some of the command’s previous hacking operations have included knocking a Russian troll farm offline during the 2018 US midterm elections, according to a Washington Post report, and targeting ransomware operatives who threaten US organizations.

While big hacks of US organizations related to the Ukraine war have been in short supply, a plethora of attempted cyberattacks have been reported in Ukraine and Russia as digital vigilantes take sides in the war. The websites of Russian government ministries and media mouthpieces have been knocked offline or altered to broadcast anti-war slogans.

The senior US defense intelligence official expressed concern that the Russian government may mistakenly assess that that type of hacking is coming from the US government.

“Attribution in peacetime is tricky enough … I would say there’s a real danger of unintentionally attributing something to the United States that the United States or its allies simply did not do,” the official said.