For now, it is the ransomware attacks that have moved to the top of the administration’s agenda, because of their effects on ordinary Americans.
Jake Sullivan, the national security adviser, said days after the summit that it might take months to determine whether the warning to Mr. Putin resulted in a change in behavior. “We set the measure at whether, over the next six to 12 months, attacks against our critical infrastructure actually decline coming out of Russia,” he said on CBS. “The proof of the pudding will be in the eating, so we will see over the course of months to come.”
It was unclear from the data provided by the National Security Agency how many of the targets of the G.R.U. — also known as Fancy Bear or APT 28 — might be on the critical infrastructure list, which is maintained by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. At the time of the attacks on the election system in 2016, election systems — including voting machines and registration systems — were not on the list and were added in the last days of the Obama administration. American intelligence agencies later said Mr. Putin had directly approved the 2016 attacks.
But the National Security Agency statement identified energy companies as a primary target, and Mr. Biden specifically cited them in his talks with Mr. Putin, noting the ransomware attack that led Colonial Pipeline to shut down in May, and interrupted the delivery of gasoline, diesel and jet fuel along the East Coast. That attack was not by the Russian government, Mr. Biden said at the time, but rather by a criminal gang operating from Russia.
In recent years, the National Security Agency has more aggressively attributed cyberattacks to specific countries, particularly those by adversarial intelligence agencies. But in December, it was caught unaware by the most sophisticated attack on the United States in years, the SolarWinds hacking, which affected federal agencies and many of the nation’s largest companies. That attack, which the National Security Agency later said was conducted by the S.V.R., a competing Russian intelligence agency that was an offshoot of the K.G.B., successfully altered the code in popular network-management software, and thus in the computer networks of 18,000 companies and government agencies.
There is nothing particularly unusual about the methods the United States says the Russian intelligence unit used. There is no bespoke malware or unknown exploits by the G.R.U. unit. Instead, the group uses common malware and the most basic techniques, like brute-force password spraying, which relies on passwords that have been stolen or leaked to gain access to accounts.
The statement did not identify the targets of the G.R.U.’s recent attacks but said that they included government agencies, political consultants, party organizations, universities, and think tanks.
Comments