While there has been little evidence of
spillover to date, the cyberwar in Ukraine rages on. The following is an
overview of how the conflict has unfolded in cyberspace:

In 2021, groups aligned with Russian security
services began laying the groundwork for a military incursion, according to

The company said suspected Russian cyber
actors gained access to the networks of several different Ukrainian energy and
IT providers in late 2021. Some of these targets were later hit in 2022 with
destructive computer viruses that deleted data and disabled computers.

BEFORE THE INVASION

There was a flurry of cyber operations
against Ukrainian targets in the weeks ahead of Russia’s invasion on Feb 24.

In January, researchers discovered destructive
malware called WhisperGate circulating in Ukraine.

WhisperGate closely mirrored a 2017 Russian
cyberattack against Ukraine, known as NotPetya, that similarly destroyed data
on thousands of local computer systems.

After WhisperGate’s discovery, a spate of
distributed denial of service (DDoS) attacks briefly knocked Ukrainian banking
and government websites offline. The DDoS flood was later attributed to Russia
by Britain and the United States.

Then, days before the invasion, cybersecurity
researchers discovered more data-wiping malware in Ukraine.

Slovakian cybersecurity firm ESET said it
found new wipers which were engineered months prior. The discovery indicated
that Russia’s hackers knew tensions between the Kremlin and Kyiv would soon

Britain’s National Cyber Security Centre
(NCSC) said on Tuesday that Russian Military Intelligence was “almost
certainly” behind the WhisperGate malware.

In the early hours of Feb 24, as Russian
forces entered eastern Ukraine, hackers crippled tens of thousands of satellite
internet modems in Ukraine and across Europe.

The modems provided internet to thousands of
Ukrainians. It remains one of the biggest publicly known cyberattacks to have
taken place in the conflict.

The attack, against a network controlled by US
satellite firm Viasat, caused a “really huge loss in communications”
at the outset of the war, senior Ukrainian cybersecurity official Victor Zhora

Britain and the European Union attributed the
digital blitz against Viasat’s network to Russia on Tuesday. Britain’s Foreign
Office said Russia was behind the operation, citing “new UK and US
intelligence,” without elaborating.

After the invasion, Russian hackers
compromised several important Ukrainian organisations, including nuclear power
companies, media firms and government entities, according to Microsoft.

Though it is difficult to track the goals of
each hack, one notable incident happened on Mar 1, when a missile strike
against Kyiv’s TV tower coincided with widespread destructive cyberattacks on

Days later, Microsoft detected a Russian group
on the networks of an unnamed Ukrainian nuclear power company, just as Russia’s
military occupied the Zaporizhzhya nuclear power station – the largest of its
kind in Europe.

Senior US national security officials say
Moscow is now combining Russia’s cyber and military forces.

“We have seen the Russians having an
integrated approach to using physical and cyberattacks, in an integrated way,
to achieve their brutal objectives in Ukraine,” senior White House cybersecurity
official Anne Neuberger told a conference.

On Apr 12, Zhora, ESET and Ukraine’s computer
emergency response team said in a series of statements that an elite Russian
hacking team known as Sandworm, which attacked Ukraine’s power grid in 2015,
had attempted days earlier to cause another blackout in the country.

The hackers, reportedly part of Russia’s
military intelligence agency, designed a piece of malware named Industroyer 2,
which could manipulate equipment in electrical utilities to control the flow of

Industroyer 2 had been deployed on an unnamed
electrical substation that provides power to roughly 2 million locals,
Ukrainian officials said. While the attack failed, Zhora said, the
“intended disruption was huge.”

As war broke out, Ukraine called on
hacktivists to help the country defend itself from Russia.

Since then, a steady stream of unnamed,
anonymous hacktivists from both sides have taken to social media claiming to
have conducted successful intrusions into either Russian or Ukrainian targets.

In some cases, the hacktivists have posted
screenshots or caches of documents to prove their claims, but their actions
have proven difficult to verify or measure, researchers say.

Russian government agencies and companies
seemingly affected by the Ukraine-allied hacktivists have declined to comment.