Russia Steps Up Cyberwar Against Ukraine

Uploaded on 2023-12-20 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Since before the start of Russia's failed invasion in 2022,  Ukraine’s national infrastructure - beginning with  the electricity supply and telecoms -  has suffered from Russian cyber attacks. These have targeted the logistics, health care, agricultural and retail sectors, making it more difficult for Ukraine to produce and distribute food and medicine to its population. 

Frequent attacks against media, telecommunications and Internet providers make it harder for the country to keep its populace well informed about attacks using conventional weapons.

Those conducted against Ukraine’s energy providers and storage facilities undermine its ability to keep its population warm and able to work. However, Russia’s Winter cyber warfare campaigns have not limited their scope to targeting Ukraine-based entities alone  - they have frequently affected neighbouring  countries that support it

Now, the threat intelligence experts at Cyjax has published new research titled 'The Cyber Winter of Discontent'  which analyses the conflict in Ukraine makes predictions as to how Russia may conduct cyber military activity over winter this year.

It finds that Russia is facing a crisis of resources and manpower and with Ukraine receiving a steady supply of defensive weapons and technology from the West, Russia may struggle to effectively deploy malware against its critical national infrastructure at scale. Cyjax think that Russia may turn its attention to more cost-effective tactics outside of the region in an effort to disrupt supply chains and deter the West from supplying its ally. 

In particular, analysts at Cyjax have made multiple predictions on how the country will strategise over the cold months:

  •  Russia will likely choose to keep some cyber attack resources in reserve rather than exhausting them all during this war, to ensure that they retain offensive and defensive capabilities should they be invaded themselves.
  •  Hacktivism will be a core component of Russia’s campaign, due to its low operational cost and the level of plausible deniability.
  •  Cyjax has observed a number of hacktivist groups increasing in activity namely: UserSec, SiergedSec, NoName057, AnonymousSudan, AnonymousRussia, and Killnet.
  •  In an effort to disrupt military supply chains in 2024, Russia will continue to target the CNI of Ukraine’s allies; it is likely cyber defences outside of Ukraine have remained comparatively weak as they have not been so heavily targeted in comparison to those of Ukraine.
  •  Cyjax has observed many pro-Kremlin hacktivist collectives switching their targeting away from Ukraine to attacks on organisations based in Israel and those countries supporting it. 

“The West’s support to Ukraine’s cyber defences has stagnated Russian attacks, putting the Russia in a difficult position as it struggles to find resources for a cyber and kinetic attack... which is why it makes sense that it would turn its attention to western critical infrastructure to induce war fatigue and disrupt supply chains" according to Roman Faithful, Cyber Intelligence Lead at Cyjax. 

Although military experts anticipate less activity on the ground over the winter period, businesses and cyber security experts should be on their guard for any irregular activity and bolster their defences across the cyber and information space over what could be a very difficult winter in Ukraine.

Image: Alexandra Koch

You Might Also Read: 

Online Conflict In Gaza & Ukraine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Joint Opposition To Online Threats From North Korea
Artificial Intelligence Is Good For The Legal Profession »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

Thales

Thales

Thales provides solutions, services and products that help its customers in the defence, aeronautics, space, transportation and digital identity and security markets to fulfil their critical missions.

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

Cyber Affairs

Cyber Affairs

Cyber Affairs is the first Italian press agency entirely dedicated to cyber security.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

UKAS

UKAS

UKAS is the national accreditation body for the UK. The directory of members provides details of organisations offering certification services for ISO 27001.

Macquarie Telecom Group

Macquarie Telecom Group

Macquarie Telecom is Australia's datacentre, cloud, cyber security and telecom company for mid-large business and government customers.

Toothpic

Toothpic

ToothPic has invented, designed, developed and patented a solution to enable companies to turn every smartphone into a secure key for a user-friendly online authentication.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

BAE Systems

BAE Systems

BAE Systems develop, engineer, manufacture, and support products and systems to deliver military capability, protect national security, and keep critical information and infrastructure secure.

Project Cypher

Project Cypher

Project Cypher leverages the latest cybersecurity developments, a world class team of hackers and constant R&D to provide you with unparalleled cybersecurity offerings.

Intertec Systems

Intertec Systems

Intertec Systems is an award-winning, global IT solutions and services provider that specializes in digital transformation, cybersecurity, sustainability, and cloud services.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.