Amid Warnings of Cyberattacks in Ukraine, U.S. Companies ‘Sitting and Waiting’

“Waiting is very disconcerting,” said Dawn Cappelli, former chief information security officer of Milwaukee, Wis., manufacturing-tech company

Rockwell Automation Inc.

Ms. Cappelli, who retired Feb. 2, said she has kept in contact with her team as they evaluated their systems for suspicious activity.

“You’re just sitting there waiting for the first indicators to start appearing, and then relying on the sharing of that information as quickly as possible,” she added.

Russia’s relatively limited cyber operations so far are more likely due to deliberate restraint than a lack of capabilities, Sen. Mark Warner, chairman of the Senate Intelligence Committee, told The Wall Street Journal Friday. But the Virginia Democrat cautioned that the Kremlin could quickly change course.

Security experts also warn that the incidents so far may open the door for scammers or criminal groups that operate within Russian spheres of influence. On Friday, the Conti ransomware gang announced “full support” of the Kremlin on its blog, according to Dmitry Smilyanets, a product manager with the cyber firm Recorded Future.

“If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use all our possible resources to strike back at the critical infrastructures of an enemy,” Conti wrote, according to a screenshot shared by Mr. Smilyanets.

The fast-moving conflict has left corporate security teams thousands of miles away studying their own network logs and sifting through a flood of threat intelligence from Ukrainian authorities, U.S. officials and cybersecurity researchers. Some firms have responded by more aggressively monitoring their computer systems in the region. Others, including the cloud-infrastructure and security firm

CloudFlare Inc.,

have moved customer information off servers in Ukraine out of precaution.

The situation has created fear, uncertainty and doubt for many U.S. firms that aren’t likely targets, said Jake Williams, a faculty member at the cyber consulting firm IANS Research.

“As you speak to your executives, your stakeholders, let’s really bring down the FUD level a bit,” said Mr. Williams, speaking Friday at a virtual event hosted by the SANS Institute, a training organization.

Hackers in recent days have targeted the Ukrainian government, its contractors and state-owned banks with destructive wiper malware that could render machines unusable, as well as distributed denial-of-service incidents that took websites offline.

On Friday, as Russian troops approached the capital city of Kyiv, the Computer Emergency Response Team of Ukraine alleged in a

Facebook

post that hackers linked to Belarus, a Kremlin ally to Ukraine’s north, are trying to hack military personnel’s phones through a widespread phishing campaign.

The hacking infrastructure reported by Ukraine’s CERT aligns with a group believed to be linked to the Belarusian military, said Ben Read, director of cyber-espionage analysis at U.S. security firm

Mandiant Inc.

Data gleaned from such attacks could be used to bolster Russian disinformation campaigns, he said, while “personal data of Ukrainian citizens and military can be exploited in an occupation scenario.”

Belarus’s Ministry of Foreign Affairs didn’t immediately respond to a request for comment. The Kremlin has repeatedly denied carrying out malicious cyber operations in the past.

Confusion created by such incidents could distract security teams from other threats, cyber experts warn. Employees’ personal connections to Ukraine, which boasts a relatively large tech sector, may also make them easier targets, said Ms. Cappelli, formerly of Rockwell Automation.

“People are concerned about family and friends,” she said. “You’re up against sophisticated adversaries who know they can prey on people’s emotions.”

—Nicolle Liu contributed to this article

Write to David Uberti at [email protected] and Kim S. Nash at [email protected]