Moscow may be helping ransomware gangs wreak havoc on companies like Marks & Spencer and Jaguar Land Rover as it steps up hybrid attacks on Europe, Nato’s head of cyber operations has warned.
Brigadier General Ümit Ersoy said the alliance was already at war with Russia “on a daily basis”.
“This is an ongoing war, without naming it as a war,” he said.
The Kremlin has spent years developing a “very successful” offensive cyber-capability, which has forced the 32 nation alliance to evolve to defend itself.
The general, who is the chief of Shape’s Cyberspace Operations Centre, said: “Each day is a challenge,” and added that the threat from Russia and others was so advanced that it kept him awake every night.
President Putin warned on Tuesday that Russia was “ready right now” to fight a war with Europe as tensions surrounding a peace deal with Ukraine spiralled.
President Putin with Valery Gerasimov, the head of Russia’s armed forces, last week
REUTERS
Ersoy, speaking as Nato carried out major cyberwar games this week, told The Times’s The General and The Journalist podcast that Russian state involvement in the corporate attacks has been investigated and is a serious concern.
“To what extent those criminals are co-ordinating, collaborating or communicating with those state actors, this is something we need to explore,” he said.
“I believe that’s possible. I wouldn’t be surprised — obviously we are talking about a rogue regime. Just because we find it immoral doesn’t mean they would refrain from working with criminals.”
Russia’s increased aggression towards Nato nations this year has coincided with a string of successful online criminal attacks on big European companies.
Britain’s biggest carmaker, JLR, was forced to close its factories for five weeks after a hack in August that was estimated to have cost the UK economy almost £2 billion.
• Jaguar Land Rover reveals devastating impact of cyberattack
A ransomware attack in September knocked out check-in systems at Heathrow airport, causing hundreds of flight cancellations and chaos for days.
Ersoy said: “As each day goes by, the threat picture is evolving and changing. The threats from state actors, non-state actors or those supported by some states are getting more sophisticated and the techniques and tactics used are progressing in a massive way.
“It is much more demanding than two or three years back. I would say we are not even in the same place compared to six months ago.”
The general, who has held the key post since October 2023, added: “Each day of mine is harder than the previous day. So if you ask me, what was your hardest moment? It is now.”
Cyberattacks have long been a tool in Russia’s campaign of hybrid war, which intentionally exists just below the threshold of armed conflict.
It is known as the Gerasimov doctrine, named after the long serving and Valery Gerasimov, the head of Russia’s armed forces, who devised it a decade ago.
Gerasimov, the man behind the doctrine
SPUTNIK/GAVRIIL GRIGOROV/KREMLIN/REUTERS
In the past months, the Kremlin has stepped up its provocations. flying suicide drones and MiG fighter jets into Nato airspace. Cyber is now being fused with other tactics, according to Ersoy.
He said: “The Gerasimov doctrine is not new. We are just observing how perfectly they are implementing that doctrine. The unjust invasion of Ukraine by Russia also laid down that Russia is capable of executing such actions in close co-ordination with other domains.”
“Cyberspace is not something that you can achieve in a blink of the eye. It means that they have worked on the subject, planned, and prepared themselves. To make that happen, a huge organisation is required, and that capacity obviously may come with different threats.”
What was his greatest fear? Ersoy said: “I have been here some time. Frankly ever since I was assigned here, none of the nights I have gone to bed I’ve felt comfortable or ready to sleep.
“The biggest fear is not having matured enough to understand what’s happening. We are evolving very fast and nations are investing a lot. But until my last day at this office, I think I will keep fearing.
“There are one million scenarios that may somehow create a problem for you, so even because of a simple administrative measure that you forgot to take, anything may happen.”
Ersoy is overseeing Nato’s largest annual online war game, Exercise Cyber Coalition, which is run from a vast cyber-range in Tallinn.
Two hundred personnel are at the secure facility in the Estonian capital for thefortnight-long exercise, and 1,100 more are taking part in ally countries across the globe.
Participants working on Nato’s annual war game
PETER KOLLANYI/BLOOMBERG/GETTY IMAGES
Among the seven different storylines devised for the training are simulated attacks on critical national infrastructure such as power stations and transport routes, and a network compromise in space — a scenario being tested for the first time this year.
A demonstration of the Locked Shields exercise in Tallinn, Estonia
PETER KOLLANYI/BLOOMBERG/GETTY IMAGES
Admiral Giuseppe Cavo Dragone, Nato’s most senior military officer, said this week the alliance was thinking about mounting pre-emptive cyberstrikes on Russia.
Dragone, who chairs Nato’s military committee, told the Financial Times: “On cyber, being more aggressive or being proactive instead of reactive is something that we are thinking about.”
Admiral Giuseppe Cavo Dragone
OLIVIER HOSLET/EPA
Microsoft’s annual Digital Defense Report in October found that cyberattacks on Nato states had risen 25 per cent in the last year. The US was most attacked, receiving 20 per cent of the total, but the UK was second, receiving one in every eight attacks.
Listen to the full interview with General Ersoy on this week’s episode of The General and The Journalist wherever you normally get your podcasts.