Russian hacks keep coming

Investigators are keeping busy. [View in browser]( [Bloomberg]( Hey, it’s Katrina in Washington. If Russian hacking appears muted, just ask the cyber personnel responding to breaches right now. But first… Today’s must-reads: • The Buffalo massacre suspect [mapped his plans]( on the Discord app dating back to December • Elon Musk’s Twitter debt burden is a [bigger problem than bots]( • China is now the second-largest location for Bitcoin mining, despite [a government ban]( The Russian hacking you haven’t heard about Right now, cyber investigators at Mandiant say they’re actively responding to more than a dozen live intrusions by Russian foreign intelligence services aimed at diplomats, military computers, defense contractors and other targets. Mandiant is a security company that responds to breaches worldwide, and says it works with more than 75 of America’s 100 highest-revenue companies. Its update comes amid repeated Biden administration warnings that Russia is considering cyberattacks against critical US infrastructure. One reason the Russian attacks aren’t making headlines is that, according to Mandiant’s findings, the actual number of them is roughly in line with normal levels. What’s changed recently is the focus. As the world reacts to Russia’s invasion, Germany, Turkey and the UK are obvious targets for Russian spies who are desperate to eavesdrop on diplomats’ discussions about their own national positions and for any insight into military support, John Hultquist, Mandiant’s vice president for intelligence analysis, told me. “They want to know what they’re thinking,” he said. Mandiant has identified Russians in “multiple” networks since February and is in the process of booting hackers out, he told me, without being more specific. Kevin Mandia, a former US Air Force officer who founded the company, which is now being bought by Google for $5.4 billion, added that suspected Russian cybercriminals are using ransomware to hit organizations “that you would call parts of or important to critical infrastructure.” But overall all this activity—both ransomware and espionage—appears to be “the normal amount” and “the same as usual” out of Russia, he added. Nearly three months into the invasion, assessments of how we should think of Russian activity in cyberspace remain many and various. The head of the UK’s eavesdropping agency, GCHQ, suggested last week that the concept of a cyber war was perhaps “overhyped.” Paul Nakasone, the army general who leads US Cyber Command, warned earlier this month that Russian cyberattacks aren’t yet “done” and that “this idea that nothing has happened is not right.” Rob Joyce, the NSA’s director of cybersecurity, told a conference last week that ransomware attacks are “actually down,” in part because the impact of sweeping economic sanctions has made it harder for them to operate. Ukraine has reported more than three times as many cyberattacks since the war began as in the same period last year. An analysis released Tuesday by Ukrainian authorities indicated Moscow might have “already used up all their available resources for waging cyberattacks.”  Russian planners may not have even turned their attention to developing larger hacks targeting the US and others until after the failure of Russian President Vladimir Putin’s quick-win strategy to take Kyiv became clear, several days into his war on Ukraine, Hultquist told me. Major cyber-espionage campaigns take months to plan, he added. “We have to be patient, because this is not over,” he said. As for longer-term solutions, Mandia said he thinks the best way to help prevent future attacks is to show that countries are ready to identify perpetrators. That’s exactly what the US and Europe did last week, when they pointed the finger at Russia for a cyberattack against Viasat modems at the onset of its Ukraine invasion. Mandia says he finds recognizing the patterns of an intrusion as easy as reading a children’s book, and that he’s never seen a good false flag operation, in which one nation masquerades as another. Which is why he wants more malicious actors held to account. “I've always felt attributions are important to change behaviors; hold the nations accountable,” he said. That is also a prerequisite for imposing any official response, such as sanctions. There is no question, he says, that if you have no risks or repercussions, “It's just gonna go on forever.” Moscow has consistently denied involvement in cyber-espionage. —[Katrina Manson](mailto:kmanson4@bloomberg.net) The big story Tech’s high-flying startup scene is getting a crushing reality check. Job cuts and a sour investment climate are hitting big companies like Stripe and Instacart, and may slam smaller ones as the [damage spreads](. What else you need to know SpaceX employees are offering to sell their shares at [a $125 billion valuation](. Sea’s gaming revenue grew faster than expected in the first quarter, [offsetting a slowdown]( across the rest of the Southeast Asian internet giant’s business. Kids are learning to play poker in virtual reality games, raising concerns that new generations of immersive technology will help kids become addicted to gambling. In one case, a Bloomberg News reporter watched as users [smoked virtual cigars and passed around digital guns]( while one user, who appeared to be 10 or 11 years old in real life, watched nearby. Apple plans to get staff back into the office [three days a week](. Follow Us More from Bloomberg Dig gadgets or video games? [Sign up for Power On]( to get Apple scoops, consumer tech news and more in your inbox on Sundays. [Sign up for Game On]( to go deep inside the video game business, delivered on Fridays. Why not try both? Like getting this newsletter? [Subscribe to Bloomberg.com]( for unlimited access to trusted, data-driven journalism and subscriber-only insights.​​​​​​​ You received this message because you are subscribed to Bloomberg's Fully Charged newsletter. If a friend forwarded you this message, [sign up here]( to get it in your inbox. [Unsubscribe]( [Bloomberg.com]( [Contact Us]( Bloomberg L.P. 731 Lexington Avenue, New York, NY 10022 [Ads Powered By Liveintent]( [Ad Choices](