Ukraine has seen a threefold increase in cyberattacks in the past year, with Russian hacking sometimes used in combination with missile strikes, according to a senior official at the country’s cybersecurity agency.
Attacks from Russia have often taken the form of destructive disk-wiping malware, said Viktor Zhora, a top figure at the country’s SSSCIP agency, with “in some cases cyberattacks sustaining kinetic effects.”
Zhora’s comments came as he visited London’s National Cyber Security Center (NCSC), part of GCHQ, where he and his Ukrainian counterparts were to discuss how to work together to tackle the Russian threat.
Welcoming them, Tom Tugendhat, the UK security secretary, said the fight “against Russian barbarism goes beyond the battlefield” and the terror inflicted on civilians. “There is a real and persistent threat of a Russian cyberattack against Ukraine’s critical infrastructure,” he added.
A day earlier, SSSCIP published an analysis of Russia’s cyber strategy during the war so far, which concluded that cyber attacks on Ukraine’s energy infrastructure last fall were linked to its sustained bombing campaign.
Russia launched “powerful cyber attacks to cause maximum blackouts” on Nov. 24, the report said, in tandem with waves of missile strikes on Ukraine’s energy facilities that at the time had forced all of the country’s nuclear plants to shut down .
Enemy hackers carried out 10 attacks a day against “critical infrastructure” in November, according to Ukraine’s domestic intelligence agency SBU, part of a wider effort to leave millions without power amid plunging temperatures.
The cyberattacks were also coordinated with Russian “information-psychological and propaganda operations,” the SSSCIP said, aimed at trying to “shift responsibility for the consequences.” [of power outages] of Ukrainian state bodies, local authorities or large Ukrainian enterprises’.
Russian hackers range from highly professional military groups, part of the Kremlin’s security complex, to criminal gangs, often looking for money, to so-called pro-Kremlin “hacktivists.”
Ukraine appears to have had some success in dealing with and containing Russian and pro-Russian hacking attacks since the start of the war, although Kyiv has been aided by significant Western support. The UK provided a £6.35m support package to help with incident response and information sharing, plus hardware and software.
British officials hosting the Ukrainians added that there had been no increase in Russian cyber activity targeting the West, although some attacks were aimed at “Russia’s near abroad”, most notably Poland, which has reported an increase in attacks against the government and strategic goals from autumn.
In late October, Poland’s senate was hit by a cyber attack, a day after the country’s upper house unanimously passed a resolution describing the Russian government as a terrorist regime. Poland later blamed the pro-Russian group NoName057(16) for a denial-of-service attack aimed at shutting down its website.
Warsaw has also accused the pro-Russian group Ghostwriter, which its experts believe operates out of Belarus and has ties to the Kremlin’s GRU military intelligence, of engaging in a disinformation campaign aimed at trying to hack the email addresses and social media accounts of public persons in the country.
Britain continues to believe that there remains a significant threat to British organizations from Russian cyber activity, but it has apparently not intensified since the start of the war. Nor is there any indication that Russian cleaner malware is targeting organizations in the UK.
However, UK experts warned there was “pre-positioning” in case a denial of service or other cyber-attacks were ordered. UK organizations are being urged to continue to review their digital security during what the NCSC considers a “prolonged period of increased threat”.
Add Comment