Russia is using an onslaught of cyber attacks to undermine Ukraine's defence capabilities

As Ukrainian cities come under air attack from Russian forces, the country has also suffered the latest blows in an ongoing campaign of cyber attacks. Several of Ukraine’s bank and government department websites crashed on Wednesday, the BBC^[1] reports.

The incident follows a similar attack just over a week ago^[2], in which some 70 Ukrainian government websites crashed. Ukraine and the United States squarely blamed Russia.

With a full-scale invasion now evident^[3], Ukraine can expect to contend soon with more cyber attacks. These have the potential to cripple infrastructure, affecting water, electricity and telecommunication services – further debilitating Ukraine as it attempts to contend with Russian military aggression.

A critical part of Russia’s operations

Cyber attacks fall under the traditional attack categories of sabotage, espionage and subversion.

They can be carried out more rapidly than standard weapon attacks, and largely remove barriers of time and distance. Launching them is relatively cheap and simple, but defending against them is increasingly costly and difficult.

After Russia’s withdrawal from Georgia in 2008, President Vladimir Putin led an effort to modernise the Russian military^[4] and incorporate cyber strategies. State-sanctioned cyber attacks have since been at the forefront of Russia’s warfare strategy.

The Russian Main Intelligence Directorate (GRU) typically orchestrates these attacks. They often involve using customised malware (malicious software) to target the hardware and software underpinning a target nation’s systems and infrastructure.

Among the latest attacks^[5] on Ukraine was a distributed denial of service (DDoS) attack.

According to Ukraine’s minister of digital transformation, Mykhailo Fedorov, several Ukrainian government and banking websites went offline as a result. DDoS attacks use bots to flood an online service, overwhelming it until it crashes, preventing access for legitimate users.

A destructive “data-wiping” software has also been found circulating on hundreds of computers in Ukraine, according to reports^[6], with suspicion falling on Russia.

On February 15, Ukraine’s cyber police said citizens were receiving fake text messages claiming ATMs had gone offline (although this wasn’t confirmed). Many citizens scrambled to withdraw money, which caused panic^[7] and uncertainty.

Ongoing onslaught

In December 2015, the GRU targeted Ukraine’s industrial control systems networks with destructive malware. This caused power outages in the western Ivano-Frankivsk region. About 700,000 homes were left without power for about six hours.

Read more: Cyberattack on Ukraine grid: here's how it worked and perhaps why it was done^[8]

This happened again in December 2016. Russia developed a custom malware called CrashOverride^[9] to target Ukraine’s power grid. An estimated one-fifth of Kiev’s total power capacity was cut^[10] for about an hour.

More recently, US officials charged six Russian GRU officers^[11] in 2020 for deploying the NotPetya ransomware. This ransomware affected computer networks worldwide, targeting hospitals and medical facilities in the United States, and costing more than US$1 billion in losses.

NotPetya was also used against Ukrainian government ministries, banks and energy companies, among other victims. The US Department of Justice called it “some of the world’s most destructive malware to date”.

Another Russia-sponsored attack^[12] that began as early as January 2021 targeted Microsoft Exchange servers. The attack provided hackers access to email accounts and associated networks all over the world, including in Ukraine, the US and Australia.

References

1. ^{^} the BBC (www.bbc.com)
2. ^{^} just over a week ago (www.bbc.com)
3. ^{^} invasion now evident (www.aljazeera.com)
4. ^{^} modernise the Russian military (www.nytimes.com)
5. ^{^} latest attacks (www.cnbc.com)
6. ^{^} reports (www.reuters.com)
7. ^{^} caused panic (spravdi.gov.ua)
8. ^{^} Cyberattack on Ukraine grid: here's how it worked and perhaps why it was done (theconversation.com)
9. ^{^} CrashOverride (www.cisa.gov)
10. ^{^} was cut (www.wired.com)
11. ^{^} US officials charged six Russian GRU officers (www.justice.gov)
12. ^{^} Russia-sponsored attack (www.volexity.com)
13. ^{^} Six European Union countries (www.reuters.com)
14. ^{^} cyber security training (www.abc.net.au)
15. ^{^} released a General Security Advisory (www.cisa.gov)
16. ^{^} similar warnings (www.abc.net.au)
17. ^{^} denied involvement (www.abc.net.au)