Russian Military-Linked Hackers Target US Water Utilities: An Unusual Interview

The Cyber Army of Russia: Hacktivists or State-Sponsored Threat?

In the midst of the ongoing conflict between Russia and Ukraine, a group of Russian hackers known as the Cyber Army of Russia has emerged, claiming to protect their country in the digital realm. Their activities, which include targeting Ukrainian networks and infrastructure in countries supporting Ukraine, have drawn the attention of cybersecurity experts and government agencies worldwide.

A Conversation with the Cyber Army of Russia

WIRED reached out to the group’s spokesperson, “Julia,” via their Telegram channel, initiating a two-week-long interview. Represented by an AI-generated image of a woman in front of Moscow’s iconic St. Basil’s Cathedral, Julia shared the group’s motivations and rationale behind their cyber sabotage campaign.

“We have united with the goal and mission of protecting our country in the information space against the background of unprecedented pressure from the United States, the European Union and Ukraine,” Julia wrote in a long opening statement in response to WIRED’s questions.

Targeting Ukraine and Its Supporters

The Cyber Army of Russia claims to identify and exploit vulnerabilities in the internet resources of Ukraine and countries openly supporting the Ukrainian government, which they describe as a “gang of terrorists and extremists.” This characterization aligns with the Russian government’s narrative of the conflict, despite the fact that Ukraine has been defending itself against a brutal and unprovoked Russian invasion since 2022.

Amateurish Attacks and Questionable Impact

Despite their claims of large-scale sabotage, the group’s attacks have often fallen short of their intended targets. In one instance, they mistakenly hacked a water mill in a small French village, causing a minor drop in water levels. Julia acknowledged this error but maintained that the group remains undeterred, viewing it as an opportunity to gain experience for future attacks on hydroelectric power plants in France.

Possible Ties to Russian Intelligence

Cybersecurity firm Mandiant has pointed to evidence linking the Cyber Army of Russia to the hacker group known as “Predatory Sparrow,” which has previously targeted Iran’s steel and transportation sectors. Both groups appear to mimic the tactics of the Russian military intelligence hacker group “Sandworm,” taking credit for their attacks in the language of their targets.

Marketing Exercise or True Believers?

Olga Belogolova, a Russia-focused influence operations researcher at the Johns Hopkins School of Advanced International Studies, suggests that the Cyber Army of Russia may be functioning more as a domestic cheerleading campaign for Russians than an effective influence operation targeting the West. She notes that these “patriotic keyboard warrior types” might be true believers of the talking points they espouse, even if they are unaware of the disconnect between their intentions and actual impact.

The Danger of Overhyping the Threat

While the Cyber Army of Russia has gained the attention of Western cybersecurity experts and government agencies, Belogolova cautions against overblowing the threat they represent. Falling for their attempts at instilling fear through disruptive hacking could inadvertently contribute to their self-promotion efforts.

“The more time I spend working on Russia and Russian influence operations,” Belogolova says, “the more I’ve become a believer that they’re very into just hyping themselves up. And then we sometimes fall for the hype, too.”

As the conflict between Russia and Ukraine persists, the activities of groups like the Cyber Army of Russia serve as a reminder of the complex and often murky nature of cyber warfare and influence operations in the digital age.