A senior Biden administration official said Friday that one of the hackers recently arrested in Russia was responsible for the massive Colonial Pipeline cyberattack last year.
“We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring,” the senior administration official told reporters on a call.
Russia’s Federal Security Service, the FSB, said earlier Friday that it raided addresses associated with the REvil ransomware gang and arrested 14 of its members.
U.S. officials have been urging Russia to take action to penalize criminal hackers operating within their borders, following a string of high-profile ransomware attacks, including the attack on Colonial Pipeline.
“We’re pleased with these initial actions,” the senior administration official said, adding that the Biden administration attributed the announcement to President BidenJoe BidenHouse Democratic campaign arm outraises GOP counterpart in final quarter of 2021 Putin’s ‘Brezhnev Doctrine’ involving Ukraine could backfire Rising inflation adds pain to student loan debt MORE’s “commitment to diplomacy and the channel that he established and the work that is underway.”
The ransomware attack on Colonial Pipeline, which controls about half of the fuel flowing to the U.S.’s East Coast, occurred last May and crippled operations for several days. The attack inflamed concerns about the vulnerability of critical infrastructure to cyber sabotage. The Biden administration attributed the attack to the REvil group last year.
U.S. officials have been sharing information with the Russians through a ransomware working group set up following Biden’s one-on-one meeting with Russian President Vladimir PutinVladimir Vladimirovich PutinPutin’s ‘Brezhnev Doctrine’ involving Ukraine could backfire Russia delays COVID-19 restrictions despite omicron surge Biden to hold first press conference of 2022 next week MORE last June, including information on specific individuals operating from inside Russia who have conducted cyberattacks against U.S. interests.
While Russia has arrested the hackers, Washington does not have an extradition treaty with Moscow.
“Our expectation is that Russia announced arrests and Russia would be pursuing legal action within its own system against these criminals,” the senior Biden administration official said Friday.
The arrests came amid heightened tensions between the U.S. and Russia over Moscow’s buildup of some 100,000 troops at Ukraine’s border that has raised fears about a possible military invasion. The Biden administration has warned of harsh consequences if Russia invades Ukraine.
U.S. officials warned Friday that Russia has prepared a false-flag operation in Ukraine to establish the pretext for a potential invasion.
“In our mind, this is not related to what is happening with Russia and Ukraine,” the senior Biden administration official told reporters on the call Friday afternoon. “We’ve also been very clear. If Russia further invades Ukraine, we will impose significant costs on Russia in coordination with our allies and partners.”
Also Friday, Ukraine said that hackers had taken down government websites and suggested that Russia may have been behind the attacks.
The U.S. had not yet attributed the attack as of Friday afternoon, but officials said they had been in touch with the Ukrainians to offer help.
“The United States and our allies and partners are concerned about this cyberattack and the president has been briefed,” White House press secretary Jen PsakiJen PsakiThe Hill’s 12:30 Report: More of Biden’s agenda teeters on collapse Biden to hold first press conference of 2022 next week Ukrainian websites hit by cyberattack amid tensions with Russia MORE told reporters during a briefing. “We are also in touch with the Ukrainians and have offered our support as Ukraine investigates the impact and nature and recovers from the incident.”