War Games – Charting Recent Russian Cyber Attacks in Ukraine

As the war continues on the ground in Ukraine, Russia also continues its cyber-attacks against Ukrainian institutions. Although cyber-attacks can be hard to trace to their source, it’s clear that cyber-attacks have been integrated into Russia’s strategy. Multiple serious cyber-attacks have been attributed to Russia, including attacks that preceded the military invasion of Ukraine on February 24.

While Russia’s cyberattacks have had an impact on the war in Ukraine, it has not been as severe as was originally feared. Russia has attacked Ukraine’s government websites but has yet to launch an attack on key infrastructures, like power grids.  

While Russia’s attacks have not been as severe as expected, that doesn’t mean they won’t ramp up in the coming weeks. Some suggest that the internal Russian cyber-attack strategy was initially left in the dust because of an unexpectedly shortened military timeline. Cyber-attacks can take considerable time to plan and implement, so if Russia’s military and cyber-attack strategy was not planned in tandem Russia’s cyber-attacks may not have yet hit full force.  

It’s important to remember that, unlike other forms of warfare, cyber-attacks are not limited to certain geographical areas. Even attacks targeted at Ukraine, like infamous 2017 the ransomware NotPetya, can infect computer networks around the world. Here is a quick breakdown of the most notable cyber-attacks to date, and what you should do as the cyber security threat continues to evolve: 

 

January 13 - 15 WhisperGate Wiper Malware 

Wiper malware, disguised as ransomware, was found on systems across Ukraine, including networks used by the Ukrainian cabinet and Ukraine's Foreign Ministry. This malware, dubbed WhisperGate, pretended to hold data ransom. However, instead of decrypting the data as promised, it wiped the entire system.  

 

January 14 – Attack on Ukrainian Government Websites 

Over 17 Ukrainian government websites, including the Ministry of Education and Ministry of Foreign affairs, were hacked on January 13. This attack defaced the sites with messages that said, “Be afraid and expect the worst.” This accompanied threats of personal data loss and destruction of computer files, although Ukraine’s Bureau of Investigation reported that no data was actually stolen. This attack has not been definitively attributed, although it is believed to either have come from Russia or Belarus, a Russian ally. 

 

February 15 – DDos Attack on Ukrainian Government Websites 

A distributed denial-of-service (DDoS) attack targeted Ukrainian websites on February 15. The attack hit Ukraine’s defense ministry, armed forces, and two major banks. This was connected to another attack that sent Ukrainian citizens misinformation intended to strike panic.  

 

February 15 – Russian Presence in Ukrainian Systems 

On February 15th, declassified intelligence revealed that Russian hackers had penetrated multiple Ukrainian systems, including military and energy systems. This position could not only allow them to collect information but also potentially disrupt essential services. 

 

February 23 - HermeticWiper Malware 

A new form of malware, dubbed HermeticWiper, was found spreading through Ukraine, targeting financial and government systems. This malware would delete or corrupt documents on the infected computer. This malware has reportedly spread out of Ukraine into Latvia and Lithuania. Several other malware attacks were identified and have similarities to the Russian backed group “Sandworm.” 

 

February 23 - DDos Attack on Ukrainian Government Websites 

Another round of cyber-attacks hit Ukrainian government websites on February 23. This attack affected the Ukrainian Ministry of Foreign Affairs, the Ministry of Defense, and the Ministry of Internal Affairs as well as some Ukrainian banks. This cyber-attack has been attributed to Russia, although Russia has denied all cyber-attack accusations.  

 

February 25 - Email and Phishing Attack 

A Belarusian hacking group, called UNC1151, has been accused of hacking the email accounts of multiple Ukrainian military personnel. These important email accounts were used to launch a mass phishing attack on their contacts, potentially compromising key systems to malware. They were also detected launching another phishing campaign in early March. 

 

March 11 – Internet Service Attack 

An attack on satellite internet is being investigated as a potential cyber attack from Russia after thousands of European customers were taken offline. The hackers disabled modems connected to a Viasat satellite that supplied internet to many European customers, including Ukraine. Viasat acts as a defense contractor for multiple countries, including the United States, so this attack has garnered significant global concern.  

 

March 21 – United States Cyber Security Statement 

President Biden issued a statement on March 21 urging everyone in the private sector to examine and strengthen their cyber defenses immediately. According to the statement, “evolving intelligence” showed that the Russian Government was exploring potential cyber-attack options against the US.  

 

How to Strengthen Your Cyber Defenses 

The following actions are crucial to strengthen your defenses against cyber-attacks: 

  • Use proper up-to-date security defense systems, like firewalls, antivirus, and anti-malware, that can detect and deter threats. 
  • Use multi-factor authentication for all systems and update passwords (especially if passwords have been compromised before). 
  • Make sure that your system is checked for vulnerabilities and patched against known issues. 
  • Back up important data and keep additional backups offline away from hackers. 
  • Encrypt or tokenize sensitive data that could be stolen. 
  • Have a plan in place if your organization undergoes an attack, and test and update the plan regularly. 
  • Educate all employees about potential threats. Make sure employees can identify phishing attacks, know how to keep their passwords strong and safe, and understand company policies for dealing with suspicious activity. 

While Russia’s initial cyber-attacks have not been of the magnitude or severity that many predicted, there is still a cause for concern. Russia’s cyber-attacks have not come without consequence, and many attacks, especially malware attacks, may easily spread from Ukraine to other countries. Even as the outcome of these global events remain unclear, proactive cyber security defense measures must be taken both in government systems and the private sector.  

Topic(s):