Picture Credit: Jefferson Santos
A Cyber war has broken out in addition to the ground war taking place between Russia and Ukraine. Hackers (both state-backed and amateurs) are rushing in from everywhere to support their chosen government to make a statement and advance their cause.
In the few weeks leading up to the war, Ukrainians experienced cyber-attacks in the form of financial and government service websites (including the Ministry of Foreign Affairs and the Education Ministry) being knocked offline temporarily, and “wiper” attacks which removed data from a number of private company networks.
With the invasion, Russia unleashed several minor hacks starting in January, defacing more than 70 Ukrainian websites. Some were defaced with a warning directed at Ukrainians to “expect the worst”. In early February, a series of Distributed Denial of Service(DDoS) attacks were purportedly launch by the Russian military intelligence agency GRU. These attacks targeted Ukrainian banking and defense websites.
The Ukrainian government states that they have been facing continuous, intrusive and destructive cyber-attacks targeting the government and infrastructure networks. The Ukrainian government claims that their cyber-defenses repel most of the attacks, however it seems that individual officials are now being targeted. Just last week, Proofpoint had revealed that hackers linked to Belarus, had targeted the refugee crisis, sending out phishing emails using a compromised account of a Ukrainian military official. “The operational tempo of these campaigns, specifically those against European governments, have increased sharply since Russian troops began amassing on the border of Ukraine,” Proofpoint stated.
Amid the chaos, it seems that China has also joined in. Google reported on Monday, that their Threat Analysis Group (TAG) detected phishing emails containing malicious attached files named as “Situation at the EU borders with Ukraine.zip”. According to Google, Mustang Panda, a Chinese group, had targeted European entities with said phishing emails.
However, apart from the obvious attacks that have taken place, Ukraine states that their defenses have been able to thwart any large impactful attacks thus far.
A majority of people all over the world are less than happy about Russia’s choice for violence, voicing their disapproval through protests being held all around the world, even within Russia, as 48 Russian cities have started protests.
Picture Credit: Gayatri Malhotra
According to disinformation experts, Russia is currently trying its best to push false information surrounding the invasion. The lower chamber of Russia’s parliament recently approved of the “fake news” law that threatens those who publish information about the war that does not fit its narrative.
Experts say that it is not unexpected of Putin to prefer a disinformation-heavy strategy over destructive hacks as it has been favoured before.
Russian officials have blocked access to social media (Facebook) as well as major foreign news outlets. Hundreds of activists who protested against the invasion have been arrested, and many have been fined substantially for spreading “false information”.
Russia also has an arsenal of groups supporting them, Conti has made clear of their full support to Russia (Emsisoft ransomware expert, Brett Callow had tweeted), alongside Minsk-based group ‘UNC1151’, Zatoichi, Killnet and Stormous Ransomware to name a few.
Meanwhile, on the 5th, Ukraine’s Minister of digital transformation, Mykhailo Fedorov stated, “We are creating and I.T. army”, with a Telegram channel for sympathetic volunteers, containing instructions for knocking Russian websites offline, the channel had over 285,000 subscribers by Friday.
Yegor Aushev, co-founder of the Ukrainian Cybersecurity company Cyber Unit Technologies, posted a call on social media for programmers to get involved. His company offered a $100,000 (in cryptocurrency) reward for those able to find bugs in Russian software.
This week consisted of a chain of attacks orchestrated by Ukraine’s volunteer hackers, targeting Russia’s largest stock exchange as well as the Russian Foreign Ministry and a State controlled bank (Sberbank ). An energy provider named Gazprom was also the target of a DDoS attack.
Picture Credit: Mikhail Fesenko
Hacktivists have rallied to support Ukraine and move against Russia. The Ukraine government estimates that their may be as many as 400,000 hackers fighting online in favour of Ukraine.
A Hacking collective known as Anonymous officially declared itself to be in a cyber war with the Russian government. On Monday this week, Anonymous had hacked Russian news channels such as “Russia 24”, “channel one”, and “Moscow 24”, showcasing footage of Russia’s actions in Ukraine. https://twitter.com/YourAnonNews/status/1500613013510008836?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1500613013510008836%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fd-3325979740311970592.ampproject.net%2F2202230359001%2Fframe.html
This was a move to keep Russian citizens connected to the global community, as a reciprocation to Russia’s campaign to stop the spread of “fake news”. The “fake news” law has resulted in Tiktok and Netflix suspending parts of their service.
A marine tracking data defacement has resulted in Putin’s yacht being renamed to “FCKPTN” in maritime tracking data. Activists were also reported to be broadcasting troll faces on Russian military radio; https://twitter.com/YourAnonNews/status/1500614084965847046?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1500614084965847046%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Ffortune.com%2F2022%2F03%2F07%2Fanonymous-claims-hack-of-russian-tvs-showing-putins-ukraine-invasion%2F
Anonymous tweeted on Sunday; “We continue to help Ukrainians in their fight against Russian occupation forces”. Another group disabled EV charging stations in Russia, reprogramming them to display messages such as “Glory to Ukraine.”
NB65 is another group connected to Anonymous, who extended their support to Ukraine, tweeting; “#Anonymous is not alone. NB65 has officially declared cyber war on Russia as well. You want to invade Ukraine? Good. Face resistance from the entire world. #UkraineWar All of us are watching. All of us are fighting.”
As the back and forth keeps escalating, it is difficult to estimate what would transpire in the future, however, it is obvious that the cyber war has most likely become one of the most visibly impactful digital battlegrounds so far.
March 11th 2022 | 9:00 PM