A (Strange) Interview The Russian-Military-Linked Hackers Targeting US Water Utilities
She later added, somewhat confusingly, that “the Sandworm hacker group does have something in common [with us] … This is the commander-in-chief of our Cyber Army.” It wasn’t clear, however, whether that comment was referring to a shared leader overseeing the two groups—or even a kind of imagined ideological leader such as Russian president Vladimir Putin—or whether Julia meant that Sandworm itself gives the Cyber Army its orders, in contradiction to her previous statements. Julia didn’t respond to WIRED’s requests for clarification on that question or, in fact, to any questions following that comment.
A Hacktivist Hype MachineRussian information warfare and influence operations experts with whom WIRED shared the full text of the interview noted that, despite Cyber Army of Russia’s claims of acting as an independent grassroots organization, it closely adheres to both Russian government talking points as well the Russian military’s published information warfare doctrine. The group’s rhetoric about changing “minds and hearts” beyond the front lines of a conflict through attacks targeting civilian infrastructure mirrors a well-known paper on “information confrontation” by Russian military general Valery Gerasimov, for instance. Other portions of Julia’s comments—an unprompted polemic against “non-traditional sexual relations” and a description of Russia as a conservative cultural “Noah’s Ark of the 21st century”—echo similar statements made by Russian leaders and Russian state media.
None of that proves that Cyber Army of Russia has anything more than the thin ties to the GRU that Mandiant uncovered, says Gavin Wilde, a Russia-focused senior fellow at the Carnegie Endowment for International Peace. He argues instead that the group’s comments appear to be an attempt to score points with a potential government sponsor, perhaps in the hopes of gaining a more official relationship. “They’re really trying to hone their messaging, but not for a Western audience, necessarily, so much as to try to put points on the board domestically and with potential political or financial benefactors in Moscow,” he says.
At one point in the interview with WIRED, in fact, Julia explicitly voiced that request for more official government support. “I really hope that the People’s Cyber Army of Russia will have great prospects, that our government agencies will not just pay attention to us, but support our actions, both financially and through the formation of full-fledged cyber troops as part of the Russian Armed Forces,” she wrote.
Outside of the conversation with WIRED, Cyber Army of Russia posts to its Telegram channel in Russian, not English—a strange move for a group that claims to be trying to influence Western politics in its favor. Other Russian influence operations created by the GRU itself, such as the Guccifer 2.0 and DCLeaks fronts created to influence the 2016 presidential election, wrote in English. Even other “hacktivist” groups targeting civilian critical infrastructure, such as Israel-linked Predatory Sparrow, take credit for their attacks in the language of their targets—in Predatory Sparrow’s case, posting to Telegram in Persian in an apparent attempt to influence Iranians.