Cybersecurity

Pro-Russia hackers are targeting transportation websites

IT Brew catches up with Mandiant Senior Analyst Alden Wahlstrom to discuss why transportation and government-related websites have become a target.
article cover

Francis Scialabba

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

A group of pro-Russia hackers claims to have targeted transportation and government-related websites in recent months, in an effort to influence the 2024 election in the European Union and other international affairs, such as the ongoing Russian invasion of Ukraine.

The group, with more than 57,000 subscribers on Telegram, shared on the platform that it has targeted the Grenchen Airport in Switzerland, the Swiss Southeastern Railway, Luxembourg’s public transportation authority, the Warsaw metro, the Swedish transport administration, and more.

IT Brew caught up with Alden Wahlstrom, principal analyst at Google-owned Mandiant, to discuss why these transportation and government-related websites have become a target.

This interview has been edited for length and clarity.

What do you make of the incidents in which this hacking group has targeted transportation websites?

“[This particular group] and other similar pro-Russia hacktivist groups frequently claim to have attacked high-profile targets, which can include those affiliated with transportation and government entities. This may serve multiple purposes, including enhancing the groups’ prestige, increasing the possible attention their claims will generate, or attempting to support the groups’ claims of causing major societal disruption through strategic target selection,” Wahlstrom told us.

Often, these distributed denial-of-service attacks only have “limited, short-term impacts,” according to Wahlstrom.

“Knowing they often prefer such entities, we should be prepared, but it’s important that we don’t do these actors’ jobs for them, which is to amplify and inflate their claimed capabilities and create fear. Their goal is often to create an impact beyond what they’re really capable of achieving with a cyberattack,” he said. 

But why target transportation websites?

“It’s primarily meant to have a psychological effect,” Wahlstrom said. “They are trying to undermine our sense of security by claiming to have ‘significant access’ to, or ‘control’ over critical infrastructure when they really don’t. This is why we have to be careful not to give these actors too much credit, or too much publicity.”

Is there a rhyme and reason for why pro-Russia or other Russia-based or affiliated groups like this one target specific countries?

“[This group] and similar pro-Russia hacktivist groups have persistently targeted Ukraine and its partners and allies since the outset of the Russian invasion launched in 2022,” Wahlstrom said. He noted that they “leverage high-profile events, such as elections and the Olympics…to attract more attention.”

“We assess that entities associated with NATO member countries will remain a target of Russian hacktivist groups for the foreseeable future, as these groups continue to conduct threat activity aimed to undermine current and future support to Ukraine.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.