Russia almost certainly is subjecting Ukrainian civilians in occupied areas to so-called filtration operations. Individuals face one of three fates after undergoing filtration, which include being issued documentation and remaining in Russian-occupied Ukraine, forcefully deported to Russia, or detained in prisons in eastern Ukraine or Russia.
This Intelligence In View provides federal, state, local, and private sector stakeholders an overview of Russian Government-affiliated cyber activity targeting the United States and Russian regional adversaries, including disruptive or destructive cyber activity, cyber espionage in support of intelligence collection, and malign foreign influence in service of Russian political agendas. This In View also provides examples of malware and tools used by Russian Government-affiliated cyber actors.
(U//FOUO) DHS Bulletin: Moscow’s Invasion of Ukraine Impeding Reach of Russian State Media in the West
Russia’s invasion of Ukraine has spurred Western governments, social media companies, and individuals to limit or disengage from Russian state media outlets, likely degrading many outlets’ ability to directly message to Western audiences through 2022. This Western response impedes the ability of critical elements of Russia’s influence ecosystem to recruit and retain culturally adept media talent, shape in-country reporting, maintain a perception of media independence, and generate revenue. These setbacks affect multiple facets of RT’s and Sputnik’s operations, hampering the prospects for a speedy reconstitution of their Western-facing efforts. These actions, and others being considered by Western countries, go well beyond previous efforts to counter Moscow’s use of its state media outlets to spread mis-, dis-, and malinformation (MDM), such as deplatforming, foreign agent registration, and social media labeling of content.
DHS Public-Private Analytic Exchange Program Report: Combatting Targeted Disinformation Campaigns A Whole-of-Society Issue Part Two August 2021
Recent events have demonstrated that targeted disinformation campaigns can have consequences that impact the lives and safety of information consumers. On social media platforms and in messaging apps, disinformation spread like a virus, infecting information consumers with contempt for democratic norms and intolerance of the views and actions of others. These events have highlighted the deep political and social divisions within the United States. Disinformation helped to ignite long-simmering anger, frustration, and resentment, resulting, at times, in acts of violence and other unlawful behavior.
DHS Public-Private Analytic Exchange Program Report: Combatting Targeted Disinformation Campaigns A Whole-of-Society Issue October 2019
In today’s information environment, the way consumers view facts, define truth, and categorize various types of information does not adhere to traditional rules. The shift from print sources of information to online sources and the rise of social media have had a profound impact on how consumers access, process, and share information. These changes have made it easier for threat actors to spread disinformation and exploit the modern information environment, posing a significant threat to democratic societies. Accordingly, disinformation campaigns should be viewed as a whole-of-society problem requiring action by government stakeholders, commercial entities, media organizations, and other segments of civil society.
(U//FOUO) DHS Bulletin: Warning of Potential for Cyber Attacks Targeting the United States in the Event of a Russian Invasion of Ukraine
We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security. Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure. However, we assess that Russia’s threshold for conducting disruptive or destructive cyber attacks in the Homeland probably remains very high and we have not observed Moscow directly employ these types of cyber attacks against US critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past.
Asymmetric Warfare Group Study: Russian Private Military Companies in Operations, Competition, and Conflict
Russian PMCs are used as a force multiplier to achieve objectives for both government and Russia-aligned private interests while minimizing both political and military costs. While Moscow continues to see the use of Russian PMCs as beneficial, their use also presents several vulnerabilities that present both operational and strategic risks to Russian Federation objectives.
(U//FOUO) DHS Bulletin: Russia Likely to Continue Seeking to Undermine Faith in US Electoral Process
We assess that Russia is likely to continue amplifying criticisms of vote-by-mail and shifting voting processes amidst the COVID-19 pandemic to undermine public trust in the electoral process. Decisions made by state election officials on expanding vote-by-mail and adjusting in-person voting to accommodate challenges posed by COVID-19 have become topics of public debate. This public discussion represents a target for foreign malign influence operations that seeks to undermine faith in the electoral process by spreading disinformation about the accuracy of voter data for expanded vote-by-mail, outbound/inbound mail ballot process, signature verification and cure process, modifying scale of in-person voting, and safety and health concerns at polling places, according to CISA guidance documents provided to state and local election officials.
Senate Intelligence Committee Report on Russian Efforts Against Election Infrastructure in the 2016 Election
From 2017 to 2019, the Committee held hearings, conducted interviews, and reviewed intelligence related to Russian attempts in 2016 to access election infrastructure. The Committee sought to determine the extent of Russian activities, identify the response of the U.S. Government at the state, local, and federal level to the threat, and make recommendations on how to better prepare for such threats in the future. The Committee received testimony from state election officials, Obama administration officials, and those in the Intelligence Community and elsewhere in the U.S. Government responsible for evaluating threats to elections.
This white paper was prepared as part of the Strategic Multilayer Asssessment, entitled The Future of Global Competition and Conflict. Twenty-three expert contributors contributed to this white paper and provided wide-ranging assessments of Russia’s global interests and objectives, as well as the activities—gray or otherwise—that it conducts to achieve them. This white paper is divided into five sections and twenty-five chapters, as described below. This summary reports some of the white paper’s high-level findings, but it is no substitute for a careful read of the individual contributions.
Department of Justice Report on the Investigation into Russian Interference in the 2016 Presidential Election
The Internet Research Agency (IRA) carried out the earliest Russian interference operations identified by the investigation-a social media campaign designed to provoke and amplify political and social discord in the United States. The IRA was based in St. Petersburg, Russia, and received funding from Russian oligarch Yevgeniy Prigozhin and companies he controlled. The IRA later used social media accounts and interest groups to sow discord in the U.S. political system through what it termed “information warfare.” The campaign evolved from a generalized program designed in 2014 and 2015 to undermine the U.S. electoral system, to a targeted operation that by early 2016 favored candidate Trump and disparaged candidate Clinton. The IRA’s operation also included the purchase of political advertisements on social media in the names of U.S. persons and entities, as well as the staging of political rallies inside the United States. To organize those rallies, IRA employees posed as U.S. grassroots entities and persons and made contact with Trump supporters and Trump Campaign officials in the United States. The investigation did not identify evidence that any U.S. persons conspired or coordinated with the IRA. Section II of this report details the Office’s investigation of the Russian social media campaign.
From Multi-Domain Battle to Multi-Domain Operations. TRADOC Pamphlet 525-3-1, The U.S. Army in Multi-Domain Operations 2028 expands upon the ideas previously explained in Multi-Domain Battle: Evolution of Combined Arms for the 21st Century. It describes how the Army contributes to the Joint Force’s principal task as defined in the unclassified Summary of the National Defense Strategy: deter and defeat Chinese and Russian aggression in both competition and conflict. The U.S. Army in Multi-Domain Operations concept proposes detailed solutions to the specific problems posed by the militaries of post-industrial, information-based states like China and Russia. Although this concept focuses on China and Russia, the ideas also apply to other threats.
BOD 17-01 requires all federal executive branch departments and agencies to (1) identify the use or presence of “Kaspersky-branded products” on all federal information systems within 30 days of BOD issuance (i.e., by October 13); (2) develop and provide to DHS a detailed plan of action to remove and discontinue present and future use of all Kaspersky-branded products within 60 days of BOD issuance (i.e., by November 12); and (3) begin to implement the plan of action at 90 days after BOD issuance (i.e., December 12), unless directed otherwise by DHS in light of new information obtained by DHS, including but not limited to new information submitted by Kaspersky.
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) reviewed the Independent Assessment, titled Information Security Risks of Anti-Virus Software (hereafter “BRG Assessment”), prepared by Berkeley Research Group, LLC (BRG), and dated November 10, 2017. Kaspersky Lab (hereafter “Kaspersky”) submitted the BRG Assessment to DHS as an exhibit to Kaspersky’s request for DHS to initiate a review of Binding Operational Directive (BOD) 17-01. The BRG Assessment, in part, responds to the NCCIC Information Security Risk Assessment (hereafter “NCCIC Assessment”) on commercial off-the-shelf (COTS) anti-virus software and Kaspersky-branded products, dated August 29, 2017. The NCCIC Assessment was attached as Exhibit 1 to an Information Memorandum from the Assistant Secreta1Y for DHS Cybersecurity and Communications (CS&C) to the Acting Secretary of DHS, dated September 1, 2017 (hereafter “Information Memorandum”). This document is a Supplemental Information Security Risk Assessment and will similarly be attached to an Information Memorandum from the Assistant Secretary for CS&C to the Acting Secretary of DHS.
This assessment presents the inherent information security concerns and security ramifications associated with the use of any commercial-off-the-shelf (COTS) antivirus solution in devices with access to a federal network. It also addresses specific risks presented by Kaspersky-branded products, solutions, and services (collectively, “Kaspersky-branded products”).
The French services analysed the testimonies, photos and videos that spontaneously appeared on specialized websites, in the press and on social media in the hours and days following the attack. Testimonies obtained by the French services were also analysed. After examining the videos and images of victims published online, they were able to conclude with a high degree of confidence that the vast majority are recent and not fabricated. The spontaneous circulation of these images across all social networks confirms that they were not video montages or recycled images. Lastly, some of the entities that published this information are generally considered reliable.
In the last seven years, Russia has reasserted itself as a military force in Eastern Europe and the Caucasus. With the 2008 military incursion into Georgia and the 2014 seizure of Crimea and support for pro-Russian separatists in Ukraine, Russia has assumed a more aggressive, interventionist stance in Europe. In the effort to influence events in Ukraine, the Russians have used what the US Army defines as “Hybrid Warfare” to infiltrate, isolate, and dominate eastern Ukraine and Crimea. This is all a part of the strategy of what can be called “Indirect Action”—the belief by the Russians that they reserve the right to protect ethnic Russians and interests in their former states from domination by Western powers and NATO.
Section 241 of the Countering America’ s Adversaries Through Sanctions Act of 2017 (СААTSA) requires the Secretary of the Treasury, in consultation with the Director of National Intelligence and the Secretary of State, to submit to the appropriate congressional committees 180 days after enactment а detailed report оп senior political figures and oligarchs in the Russian Federation (Section 241 (a)(l)) and on Russian parastatal entities (Section 241 (а)(2)). Pursuant to Section 241(Ь), the report shall Ье submitted in an unclassified form but may have а classified annex. This is the unclassified portion of the report.
In accordance with Section 242 of PuЬlic Law 115-44 (P.L. 115-44) (“Countering America’s Adversaries Through Sanctions Act” (CAATSA)), the U.S. Department of the Treasury, in consultation with the Department of State and the Director of National Intelligence, was tasked with preparing а report addressing the potential effects of expanding sanctions under Directive 1 issued under Executive Order (Е.О.) 13662 to include sovereign debt and the full range of derivative products.
As the American Army fought in Iraq and Afghanistan, it became the best tactical level counter insurgency force of the modern era. America’s enemies, however, did not rest. Russia observed the transformation of the American Army and began a transformation of their own. This new military barely resembles its former Soviet self. Wielding a sophisticated blend of Unmanned Aircraft Systems (UAS), electronic warfare (EW) jamming equipment, and long range rocket artillery, it took the Soviet model out of the 1980s and into the 21st Century.
As part of this vision, DIA has a long history of producing comprehensive and authoritative defense intelligence overviews. In September 1981, Secretary of Defense Caspar Weinberger asked the Defense Intelligence Agency to produce an unclassified overview of the Soviet Union’s military strength. The purpose was to provide America’s leaders, the national security community, and the public a complete and accurate view of the threat. The result: the first edition of Soviet Military Power. DIA produced over 250,000 copies, and it soon became an annual publication that was translated into eight languages and distributed around the world. In many cases, this report conveyed the scope and breadth of Soviet military strength to U.S. policymakers and the public for the first time.
U.S. competitors pursuing meaningful revision or rejection of the current U.S.-led status quo are employing a host of hybrid methods to advance and secure interests that are in many cases contrary to those of the United States. These challengers employ unique combinations of influence, intimidation, coercion, and aggression to incrementally crowd out effective resistance, establish local or regional advantages, and manipulate risk perceptions in their favor. So far, the United States has not come up with a coherent countervailing approach. It is in this “gray zone”—the awkward and uncomfortable space between traditional conceptions of war and peace—where the United States and its defense enterprise face systemic challenges to U.S. position and authority. As a result, gray zone competition and conflict should be pacers for defense strategy.