Tracking the Cyberspace during Russo-Ukraine Crisis

Tracking the Cyberspace during Russo-Ukraine Crisis

All the elements for a cyber warfare appeared to be present in the Ukraine crisis. Moscow and Kiev are engaged in a game of power with the highest stakes, and both nations are very skilled in information systems and hacking. Cyberwar sceptics are still prevalent, and there are more concerns than there are solutions. 

Russia likely conducts cyberattacks against those other nations more frequently than any other major state. Russian cyberattacks may go hand in hand with military intervention, as in the ongoing conflict in Ukraine. Other times, like during the 2016 US Presidential election, Moscow launches cyberattacks to destabilize or weaken societies. Russia also threatens states with its powerful cyber weapons in reaction to an event, as it did in April when Finland invited the president of the Ukraine, Volodymyr Zelensky, to address its parliament.

With the aim of rallying global support and building an army of cybersecurity experts to assault Russian military and vital infrastructure targets, Ukraine has pursued a distinctive approach in cyberspace. It won't likely be feasible to gain a fuller grasp of the cyber component of the Russian invasion of Ukraine until the war is over. But we can at least track the available information regarding the cyber attacks occurred during the war.

When take the case of Russia it has launched the as series of distributed denial of service (DDoS), against the Ukrainian website in February to cripple the Ukrainian banking and defense websites which was reportedly emanated from the Russian military intelligence agency, (GRU). In the beginning of March, DanaBot, a malware-as-a-service platform, was found to be used by Russian companies to launch DDoS attacks against the Ukrainian military's websites. Russia has continued to sporadically infiltrate computers. It is uncertain who these groups are or whether they have ties to the Russian government.  On January 13, 2022, Wiper malware—called WhisperGate by Microsoft—was installed on Ukrainian machines. The wiper promised users what seemed to be a way to retrieve their data for a charge, but in actuality the malware wiped the machine. It was made to look like ransomware. On computer systems all around Ukraine, such as those used by the Foreign Ministry and the Ukrainian government, the wiper was discovered. The NotPetya virus, which affected the Ukraine and other major global corporations in 2017, is comparable to the two wipers employed in WhisperGate. Ukraine's Computer Emergency Response Team claimed on February 25 that Belarusian state-sponsored hacking organization UNC1151 had attempted to breach the email servers of its army members through a widespread phishing campaign. After breaking into the identities of military personnel, the hackers used the stolen contact lists to send additional malicious emails. UNC1151 may also be related to another phishing effort that used intercepted Ukrainian military emails to infect SunSeed malware into European government employees assisting Ukrainian refugees.

On the other hand, American company SpaceX came forward to help Ukraine amid Russian attacks were carried out over Ukraine. SpeceX has assured that it will provide its Starlink satellite broadband service, which has been disrupted in the country by the Russian invasion. Ukrainian efforst to sabotage Russian assets is also undergoing, on March 1, a decentralised organization of hacktivists called Anonymous "declared war" against the Russian government, claiming to have taken down state-owned media websites in the process. Over the previous two weeks, Anonymous appears to have repeatedly targeted media organizations that support Russia. Additionally, Anonymous asserted that it has compromised numerous significant Russian media outlets, including the government-run television networks Russia 24, Channel 1, Moscow 24, and the video services Wink and Ivi. Clips from the Ukrainian conflict were shown in between episodes of these services' programming. Volunteers organised through media platforms and Telegram platforms have helped Ukrainian initiatives online. One of the biggest initiatives made by the Ukrainian government to organize hacktivist activities is the IT Army of Ukraine. The IT Army has operated by publishing significant objectives to a Telegram channel with several hundred thousand of subscribers, and then allowing people or groups to execute assaults against the targets using the information supplied. The webpages of many Russian banks, the Russian electric grid, and the train system were all targeted by the IT Army, which also launched broad DDoS attacks against other important targets. The IT Army looks to be the main source of Ukrainian cyber power.

The intrusion of Ukraine by Russia in 2022 gave us the chance to learn more about Russia's use of cyberattacks during hostilities. Additionally, it enables analysts to have a broader understanding of Russia's cyberattack tactics. In the future, keeping a watch on the relationship between cyberattacks and their context may reveal hints about Russia's goals. It might also aid defense specialists in preventing the threat in the first place. The United States needs to figure out how to react to such threats not simply during a military conflict but also to the less common but enduring attacks which make up part of Russia's continuing proxy war against by the West. Given that Russia deliberately uses cyberattacks to disrupt countries without trying to provoke an armed confrontation.

Notes-

1.       Cyber War in Perspective: Russian Aggression against Ukraine https://ccdcoe.org/library/publications/cyber-war-in-perspective-russian-aggression-against-ukraine/

2.     US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command https://news.sky.com/story/us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command-12625139

3.      Russia’s Use of Cyberattacks: Lessons from the Second Ukraine War https://www.fpri.org/article/2022/06/russias-use-of-cyberattacks-lessons-from-the-second-ukraine-war/

4.     The cyber war between Ukraine and Russia: An overview https://www.reuters.com/world/europe/factbox-the-cyber-war-between-ukraine-russia-2022-05-10/

5.  Russia's war on Ukraine: Timeline of cyber-attacks https://www.europarl.europa.eu/RegData/etudes/BRIE/2022/733549/EPRS_BRI(2022)733549_EN.pdf

6.     Russia's war on Ukraine: Timeline of cyber-attacks https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2022)733549

7.     Tracking Cyber Operations and Actors in the Russia-Ukraine War https://www.cfr.org/blog/tracking-cyber-operations-and-actors-russia-ukraine-war

8.     What Russia’s Ongoing Cyberattacks in Ukraine Suggest About the Future of Cyber Warfare https://hbr.org/2022/03/what-russias-ongoing-cyberattacks-in-ukraine-suggest-about-the-future-of-cyber-warfare 


Pic Courtsey-Shahadat Rahman at unsplash.com

(The views expressed are thsoe of the author and do not represent views of CESCUBE.)