Cyber Front: Russia - Ukraine
Cyber warfare is an important aspect of the ongoing war between Russia and Ukraine. The skills learned on the battlefield of today could have a major impact on the world of tomorrow.
Russia and Ukraine are fully engaged in a cyber war. Image source
On December 12, Russia launched a cyberattack on Kyivstar – Ukraine's largest telecommunications provider –temporarily taking nearly 25 million users offline. The company's CEO later described the attack as "the biggest cyberattack on (telecommunications) infrastructure in the world." The attack even disrupted Ukraine's air raid warning system, resulting in alarm failures across the country. Additionally, Ukraine's largest bank, PrivatBank, reported that the attack took some 30% of its cashless terminals offline. Russian hackers have reportedly targeted Kyivstar in over 500 separate incidents since the February 2022 invasion of Ukraine.
Cyberspace is an integral part of the ongoing war between Russia and Ukraine, with both sides ramping up efforts to target each other's military and civilian infrastructure and engaging in extensive propaganda campaigns. This cyber war continues to produce consequences not only for military operations but also for civilian life in both countries and others worldwide. Furthermore, the skills developed on both sides of this conflict could have a lasting impact on global cybercrime for years to come.
Kyivstar CEO Oleksandr Komarov claims the December 2023 Russian attack on his company was the largest of its kind. Image source
Russian operations
Russian cyber operations against Ukraine increased dramatically during the initial stages of the war. In January 2022 – barely a month before the invasion – Russian hackers temporarily shut down over 70 Ukrainian government websites, leaving messages that Ukrainians should "prepare for the worst." In February, Russia deployed malware that disrupted the Viasat satellite system, causing more than 30,000 internet connections and 5,000 wind turbines across Europe to cease functioning. In October 2022, SpaceX reported that their Starlink network repelled several Russian cyberattacks targeting Ukraine. In December of that year, Russian cyber agents penetrated Delta, a Ukrainian military intelligence platform that serves as the "eyes" of the
Ukrainian armed forces, collecting data on all matters related to the war effort. The Ukrainian government reported that cyber incidents against the country nearly tripled in 2022. Russian hackers continue to find innovative ways to target Ukraine. In January 2023, Mandiant – a Google subsidiary and cybersecurity firm – discovered that a Russian hacking collective known as Turla actively utilized a largely undetected malware named Andromeda, which spreads through infected USB drives to give Russian agents access to crucial intelligence on Ukraine. Last August, an advisory from the U.S. and its "Five Eyes" allies – Australia, Canada, and the United Kingdom – confirmed a Ukrainian intelligence report that found Russian hackers sought to infiltrate Android tablets used by the Ukrainian military for "planning and performing combat missions."
Aside from attacks on Ukraine's cyber infrastructure, Moscow uses disinformation campaigns to hinder Ukrainian resistance. In March 2024, Slovak cybersecurity company ESET exposed one of Russia's IW campaigns targeting Ukrainian citizens titled Operation Texonto. During this operation, Russian hackers posed as official agencies of the Ukrainian government, warning Ukrainian citizens of impending shortages of food, medical, and heating supplies in emails. Other emails sent by the operatives even suggested Ukrainians cut off their limbs to avoid conscription. The Kremlin's propaganda apparatus also established a TikTok campaign to spread rumors about official corruption in Ukraine through multiple accounts.
Russian accounts regularly spread disinformation about the war on Tiktok. Image source
Ukrainian Defense & Counter-attacks
Ukraine employs several measures to counter Russian cyberattacks, partnering extensively with Western multinational corporations and governments. Days before the Russian invasion, Ukrainian authorities transferred much of the country's digital infrastructure from physical servers in vulnerable buildings to the public cloud. Microsoft aided this process by providing technical support to speed up the transfer process. In a similar initiative, Amazon Web Services (AWS) sent suitcase-sized computer drives across the Polish border to help Kyiv back up essential government data. In early 2024, Ukraine signed multiple security agreements with Western allies, including Denmark, Germany, France, and the U.K., to counter Russian cyberattacks. These countries pledged to provide – among other things – technical assistance related to detecting cyber espionage and countering disinformation.
Kyiv is now mounting a cyber offensive against Russia. In February 2024, Cyber Security Director at Ukraine's Central Security Service (SBU), Illia Vitiuk, said that Ukraine continues to hack Russian state and private companies, successfully gathering critical intelligence to thwart Russian cyberattacks and espionage operations. Throughout the ongoing conflict, the SBU has attacked Moscow's scientific research center, state tax service, and Russia's largest private bank. Ukrainian civilians are also involved in their country's cyber offensive with the Ukrainian IT Army – a conglomeration of international and Ukrainian volunteer hackers working in collaboration with Ukraine's defense ministry – regularly spreading alternative news about the war to Russian citizens, among other operations. Another example is the Ukrainian Cyber Alliance, a group of Ukrainian digital activists partnered with the Ukrainian government, who hacked into Alfabank, a Russian bank that caters to the country's wealthy elite, last November.
Ukrainian hackers increasingly target Russia's military and political institutions. In late January 2024, an independent analyst named 'PS01' revealed that a cyberattack took down a 'special communications' server at Russia's Ministry of Defense, reportedly disrupting communications between ground forces and central command. Although the attack has not been verified, many view it as a victory against Russia's cyber infrastructure. In another January incident, a group of Ukrainian hackers known as 'Blackjack' successfully mined over 1.2 terabytes of data from more than 500 Russian military sites. During the March 15–17 Russian presidential election, Russian authorities claimed they received over 160,000 attacks targeting electronic voting terminals. Although these were unsuccessful, President Putin pledged to 'punish' Ukraine for the attempted election disruption following his landslide victory.
Cyber Security Director at Ukraine's Central Security Service (SBU), Illia Vitiuk has spearheaded multiple cyber attacks on Russian military institutions and major corporations. Image source
Global Implications of cyber-warfare
Cyberattacks by Kyiv and Moscow have real-world implications for the war effort and civilian lives. Less than a month before the war's outbreak, economists at Goldman Sachs warned that the Kremlin's cyberattacks could inflict billions in damages. Three years on, we are seeing the results of this damage play out in real-time. With some experts predicting that cybercrime could cost the world some $10.5 trillion annually by 2025, the skills honed in this war could dramatically impact the world's future as former agents with battlefield training potentially engage in online criminal activity.
The ongoing cyber war between Russia and Ukraine is now spreading as Russia uses cyber espionage to target individuals and organizations not only in Ukraine but in the U.S., U.K., and other countries. In late 2023, the U.S. Department of Justice (DoJ) indicted several Russian individuals for their role in targeting U.S. Department of Energy facilities. In January 2024, Russian hackers launched a ransomware attack against Swedish government services, affecting operations at 120 government offices while Stockholm prepared to join NATO. In this way, we are already seeing the broad consequences of this war play out across cyberspace.
Conclusion
The cyber war playing out between Russia and Ukraine has already expanded to the world at large. In addition to disinformation campaigns that sow dissent and distrust, these campaigns have real-world consequences and can cost billions of dollars in damages. As Russia and Ukraine continue to engage in cyber warfare, the skills developed by operatives on both sides will likely have a lasting impact for years to come.
A sophisticated and very refined read gentlemen; However, the quickly broadening and ever advancing war 'might' suggest the warfare is a two way street, yes? ~M
So only Russia spreads misinformation?