The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking “essential” organizations worldwide could lead to spillover risks and potential escalation.
“This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation,” the High Representative on behalf of the EU said Tuesday.
“The latest distributed denial-of-service (DDoS) attacks against several EU Member States and partners claimed by pro-Russian hacker groups are yet another example of the heightened and tense cyber threat landscape that EU and its Member States have observed.”
In this context, the EU reminded Russia that all United Nations member states must adhere to the UN’s Framework of responsible state behavior in cyberspace to ensure international security and peace.
The EU urged all states to take any actions required to stop malicious cyber activities conducted from their territory.
The Minister for Foreign Affairs of Belgium also said today that multiple Chinese state-sponsored threat groups (including APT27, APT30, APT31, and Gallium) have been targeting the Belgian defense and interior ministries.
“Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the FPS Interior and the Belgian Defence,” the country’s foreign minister said.
Warnings of increased Russian cyberattack activity, spillovers
EU’s statement follows a February joint warning from CISA and the FBI that wiper malware attacks targeting Ukraine could spill over to targets from other countries.
Google’s Threat Analysis Group (TAG) said in late March that it observed phishing attacks orchestrated by the Russian COLDRIVER hacking group against NATO and European military entities.
In May, the US, UK, and EU accused Russia of coordinating a massive cyberattack that hit the KA-SAT consumer-oriented satellite broadband service in Ukraine on February 24 with AcidRain data destroying malware, approximately one hour before Russia invaded Ukraine.
A Microsoft report from June also confirms the EU’s observation of an increase in Russian malicious cyber activities. The company’s president said that threat groups linked to Russian intelligence agencies (including the GRU, SVR, and FSB) stepped up cyberattacks against government entities in countries allied with Ukraine after Russia’s invasion.
In related news, in July 2021, President Joe Biden warned that cyberattacks leading to severe security breaches could lead to a “real shooting war,” a statement issued a month after NATO said that cyberattacks could be compared to “armed attacks” in some circumstances.
“We reaffirm that a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis,” the NATO communiqué reads [PDF].
“Allies recognise that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack.”