FILE PHOTO: Figurines with computers and smartphones are seen in front of the words "Cyber Attack", binary codes and the Russian flag, in this illustration taken February 15, 2022. REUTERS/Dado Ruvic/Illustration/File Photo
March 29, 2022
By Sarah N. Lynch
WASHINGTON (Reuters) – Russian hackers have been scanning the systems of energy companies and other critical infrastructure in the United States, and state-sponsored hacking by Russia presents a “current” threat to American national security, a top FBI official told lawmakers on Tuesday.
“The threat from Russia in a criminal sense, in the nation state sense, is very, very real – and current,” said Bryan Vorndran, an assistant director in the FBI’s cyber division, during a hearing before a U.S. House of Representatives panel.
In the weeks since Russia’s unprovoked attack against Ukraine, the White House and the Justice Department have been warning U.S. companies about intelligence suggesting that Russia has been taking early steps toward possibly launching cyberattacks.
Vorndran told lawmakers that “instances of Russian scanning” networks in the U.S. energy sector have increased recently, and he said such activity represents a “reconnaissance phase” by Russia to try and understand a company’s defenses and whether it has vulnerabilities that could be exploited.
“It’s an extremely important part of the overall attacks,” he noted, adding later in his testimony that Russia represents “one of the two most capable cyber adversaries we face globally,” and is “a formidable foe.”
Last year, well before Russia’s attack on Ukraine, U.S. President Joe Biden openly warned Russian President Vladimir Putin that certain critical infrastructure should be “off-limits” to cyberattacks.
That warning applied to 16 different kinds of infrastructure – an apparent reference to the 16 sectors designated as critical by the U.S. Homeland Security Department, including telecommunications, healthcare, food and energy.
Since that time Vorndran told lawmakers he was aware of software companies, among others who have been targeted with attacks.
“There are compromises against some of those 16 critical infrastructure sectors,” he said. “I can’t speak specifically to which ones.”
(Reporting by Sarah N. Lynch; Editing by Marguerita Choy)