With its advance in the war with Ukraine often stalled, Russia has frequently turned to cyberattacks to cause mayhem for the defenders.
Around the Feb. 24 anniversary of Russia’s invasion, cybersecurity experts observed dozens of state-sponsored attacks on Ukrainian targets, including internet services, power stations, and government websites.
Ukraine’s own State Service of Special Communications and Information Protection reported that the overall number of cyberattacks on the country in 2022 nearly tripled from 2021 levels. Attacks from Russian IP addresses increased by 21%, it said.
The Council on Foreign Relations’ cyber operations tracker logged 29 state-sponsored attacks on Ukraine in 2022, with nearly all attributed to hacking groups affiliated with the Russian government.
Still, the think tank’s list may not be exhaustive, cybersecurity experts said. Many cybersecurity organizations have seen a significant increase in cyberattacks on Ukraine and its allies since the invasion began.
For example, between Feb. 24 and March 1, 2022, the Canadian Centre for Cyber Security identified at least seven major cyberattacks against Ukrainian targets, with four Russian hacking groups identified as the likely culprits.
On Feb. 24, distributed denial of service, or DDoS, attacks targeted Ukraine’s defense ministry and major banks there. The U.S. government attributed the attacks to Russian military intelligence officers, noted Jack Nichelson, CISO of cybersecurity provider Inversion6. And on March 1, wiper malware targeted several Ukrainian organizations, including media companies and government agencies, with the goal of destroying computer systems and stealing data. Microsoft linked the attacks to Russian hackers.
“Cyberattacks have the potential to be a decisive factor in an active war scenario,” Nichelson said. “While it is true that cyber operations may not be the sole determining factor in the conflict’s outcome, they can significantly impact critical infrastructure and communication systems, which could lead to severe consequences for either side.”
In addition, cyberattacks can have a psychological impact because “they can spread misinformation and propaganda to influence public perception,” he added.
Russian cyberattacks on Ukraine began even before the ground war, with major attacks beginning in mid-January, added Tom Kellermann, senior vice president of cyber strategy at cybersecurity provider Contrast Security.
Destructive attacks have come from Sandworm, alleged to be a Russian cybermilitary unit; Gamaredon, a pro-Russian hacking group; and Turla, a cyberespionage group linked to Russia, he noted, although the three groups have been active for years. Some of these recent attacks were suppressed, however, due to “unprecedented” information sharing and defense tactics by NATO members and the Joint Cyber Defense Collaborative, a CISA-formed group including several U.S. agencies and technology companies, he said.
Kellermann expects the Russia-based cyberattacks to continue as the war goes on, citing Vladimir Putin, the Russian strongman and leader. “Putin will unleash the hounds,” Kellermann said. “We will see an increase of destructive attacks enabled by both the manifestation of more zero-days and new wiper malware.”
He predicted an attack on a major U.S. cloud provider, with its resources hijacked to launch destructive attacks against Ukraine and its allies. “I also foresee widespread targeted attacks against the U.S. energy, transportation, and healthcare sectors with the intent to disrupt and degrade real-world operations,” he added.
Attacks on Ukraine over the past year have come in many forms, cybersecurity provider Flashpoint notes in a recent report. Flashpoint observed destructive wiper malware being used against Ukraine; Russian hacktivists, including Killnet, using DDoS attacks; and the use of pro-Russian war bloggers and disinformation campaigns.
“We will likely still see changes in how the war is fought, by what means, and at which targets,” Flashpoint researchers wrote. “When it makes more sense to attack Western entities, Russia may very well shift tactics — major cyberattacks take time. When it makes strategic sense, the face of war will change again.”
In addition to Kellermann, other cybersecurity experts say Russian cyberattacks have been less effective than some had feared.
“Ukraine has been surprisingly resilient against the attacks, showing a skill and dedication from the defenders that the Russian attackers certainly didn’t expect,” said Mike Parkin, senior technical engineer at Vulcan Cyber, a cyber risk remediation provider. “Russia has some extraordinarily skilled threat actors at their disposal, which makes Ukraine’s defense even more impressive.”
Russian operatives have long had a strong reputation for cyberwarfare and are suspected of supporting many advanced cybercriminal groups, he added. Given this reputation, “I was pleasantly surprised Ukraine’s defense has been as successful as it has,” Parkin added.
Still, Russia is sure to continue its cyberattacks, he added.
“They may alter the tools and tactics they use to try and get past Ukraine’s defenses, but they won’t stop,” Parkin said.
There will be effects beyond Ukraine, he added. “There has been fallout outside the theater of operations resulting from the unintended spread or deliberate efforts to engage with Ukraine’s allies abroad,” he said. “The takeaway being that warfare doesn’t always stay in theater, especially when the whole world is reachable from the internet.”