The cyber war
(Reuters) – Ahead of Russia’s invasion of Ukraine, Western intelligence agencies warned of potential cyber attacks which could spread elsewhere and cause “spillover” damage on global computer networks.
While there has been little evidence of spillover to date, the cyber war in Ukraine rages on. The following is an overview of how the conflict has unfolded in cyberspace:
EARLY DAYS
In 2021, groups aligned with Russian security services began laying the groundwork for a military incursion, according to Microsoft.
The company said suspected Russian cyber actors gained access to the networks of several different Ukrainian energy and IT providers in late 2021. Some of these targets were later hit in 2022 with destructive computer viruses that deleted data and disabled computers.
BEFORE THE INVASION
There was a flurry of cyber operations against Ukrainian targets in the weeks ahead of Russia’s invasion on Feb. 24.
In January, researchers discovered destructive malware called WhisperGate circulating in Ukraine.
WhisperGate closely mirrored a 2017 Russian cyber attack against Ukraine, known as NotPetya, that similarly destroyed data on thousands of local computer systems.
After WhisperGate’s discovery, a spate of distributed denial of service (DDoS) attacks briefly knocked Ukrainian banking and government websites offline.
The DDoS flood was later attributed to Russia by Britain and the United States.
Then, days before the invasion, cybersecurity researchers discovered more data-wiping malware in Ukraine.
Slovakian cybersecurity firm ESET said it found new wipers which were engineered months prior.
The discovery indicated that Russia’s hackers knew tensions between the Kremlin and Kyiv would soon escalate.
Britain’s National Cyber Security Centre (NCSC) said on Tuesday that Russian Military Intelligence was “almost certainly” behind the WhisperGate malware.
THE CYBER WAR STARTS
In the early hours of Feb. 24, as Russian forces entered eastern Ukraine, hackers crippled tens of thousands of satellite internet modems in Ukraine and across Europe.
The modems provided internet to thousands of Ukrainians. It remains one of the biggest publicly known cyber attacks to have taken place in the conflict.
The attack, against a network controlled by U.S. satellite firm Viasat, caused a “really huge loss in communications” at the outset of the war, senior Ukrainian cybersecurity official Victor Zhora said.
Britain and the European Union attributed the digital blitz against Viasat’s network to Russia on Tuesday. Britain’s Foreign Office said Russia was behind the operation, citing “new UK and U.S. intelligence,” without elaborating.
HYBRID WAR
After the invasion, Russian hackers compromised several important Ukrainian organizations, including nuclear power companies, media firms and government entities, according to Microsoft.
Though it is difficult to track the goals of each hack, one notable incident happened on Mar. 1, when a missile strike against Kyiv’s TV tower coincided with widespread destructive cyber attacks on Kyiv-based media.
Days later, Microsoft detected a Russian group on the networks of an unnamed Ukrainian nuclear power company, just as Russia’s military occupied the Zaporizhzhya nuclear power station – the largest of its kind in Europe.
Russian cyber and military forces
Senior U.S. national security officials say Moscow is now combining Russia’s cyber and military forces.
“We have seen the Russians having an integrated approach to using physical and cyberattacks, in an integrated way, to achieve their brutal objectives in Ukraine,” senior White House cybersecurity official Anne Neuberger told a conference.
INDUSTROYER
On April 12, Zhora, ESET and Ukraine’s computer emergency response team said in a series of statements that an elite Russian hacking team known as Sandworm, which attacked Ukraine’s power grid in 2015, had attempted days earlier to cause another blackout in the country.
The hackers, reportedly part of Russia’s military intelligence agency, designed a piece of malware named Industroyer2, which could manipulate equipment in electrical utilities to control the flow of power.
Industroyer2 had been deployed on an unnamed electrical substation that provides power to roughly 2 million locals, Ukrainian officials said. While the attack failed, Zhora said, the “intended disruption was huge.”
HACKTIVISM
As war broke out, Ukraine called on hacktivists to help the country defend itself from Russia.
Since then, a steady stream of unnamed, anonymous hacktivists from both sides have taken to social media claiming to have conducted successful intrusions into either Russian or Ukrainian targets.
In some cases, the hacktivists have posted screenshots or caches of documents to prove their claims, but their actions have proven difficult to verify or measure, researchers say.
Russian government agencies and companies seemingly affected by the Ukraine-allied hacktivists have declined to comment.