Russian hackers target US engineering firm

Washington: Hackers working for Russian intelligence attacked an American engineering company this fall, investigators at a US cybersecurity company said Tuesday — seemingly because that firm had worked for a US municipality with a sister city in Ukraine.

The findings reflect the evolving tools and tactics of Russia’s cyber war and demonstrate Moscow’s willingness to attack a growing list of targets, including governments, organisations and private companies that have supported Ukraine, even in a tenuous way.

Arctic Wolf, the US cybersecurity firm that identified the Russian campaign, wouldn’t identify its customer or the city it worked with to protect their security, but said the company had no direct connection to Russia’s invasion of Ukraine. However, the group behind the attack, known to cybersecurity experts as RomCom, has consistently targeted groups with links to Ukraine and its defense against Russia.

“They routinely go after organisations that support Ukrainian institutions directly, provide services to Ukrainian municipalities, and assist organizations tied to Ukrainian civil society, defense, or government functions,” said Ismael Valenzuela, Arctic Wolf’s vice president of labs, threat research and intelligence. The attack on the engineering firm was identified by Arctic Wolf in September before it could disrupt the engineering company’s operations or spread further.

A message left with officials at the Russian Embassy in Washington seeking comment was not immediately returned.

Many towns and cities around the world enjoy sister-city relationships with other communities.