Ukraine’s Security Agency Says Russian Cyber Attacks Are Increasing

Over the past year there has been a threefold increase in Russian cyber-attacks against Ukraine, with Russian hacking used together with missile strikes, according to a manager in Ukraine’s cyber security agency.

The attacks from Russia have often taken the form of destructive malware, said Viktor Zhora, a leading figure in the country’s SSSCIP agency, with “in some cases, cyber-attacks supportive to kinetic effects”. Zhora’s statement came when he visited London’s National Cyber Security Centre (NCSC), where he and his Ukrainian colleagues discussed how to work together to tackle the Russian threat.

The British security minister, Tom Tugendhat, said the fight “against Russian barbarism goes beyond the battlefield” and terror inflicted on civilians. “There is the real and persistent threat of a Russian cyber attack on Ukraine’s critical infrastructure,” he said. However, almost a year into its war with Ukraine, Russia has had little success on the cyber battlefield.

In the coming months, Russia is expected to escalate its cyber operations as it continues to face major military setbacks in the conflict.

However, the Ukrainian government is saying that an increase in cyber activity is likely to have only a minor impact in the war as Russian hacking operations are being met with stronger cyber counterattacks from Ukraine, with the support of its allies. The Ukraine government has published a report concerning Russia’s cyber strategy during the war so far, which concluded that cyber attacks on Ukraine’s energy infrastructure last autumn were linked to its sustained bombing campaign. According to this report, Russia launched “powerful cyber-attacks to cause a maximum blackout” on 24 November, at the same time as waves of missile strikes were launched on Ukraine’s energy facilities. 

The authors of the study have tracked the coordination of missile attacks on local governments and cyber attacks on community services, precise coordination of missile and cyber attacks on media and communication centers, and preparation and implementation of cyber attacks on supply chains that help the Ukraine war effort. “Russian war against Ukraine has many dimensions: conventional, economic, cyber, informational, and cultural. Only understanding these dimensions' interaction allows for assessing the aggressor state's actions adequately."

“The world's first large-scale cyber war did not demonstrate new "types of weapons" in existing cyberspace. All attacks are carried out using previously known techniques. The attacks used by Russia have long been categorised and have straightforward solutions for counteraction,” says the Ukrainian report.

Enemy hackers carried out as many as 10 attacks a day against “critical infrastructure” during November, according to Ukraine’s domestic security agency, part of the wider effort to leave millions without power amid plunging temperatures. These cyber attacks were coordinated with Russian “information-psychological and propaganda operations”, with the aim to “shift responsibility for the consequences of power outages to Ukrainian state authorities, local governments or large Ukrainian businesses”.

The Russian hackers range from highly professional military groups and national security agencies, along with criminal gangs, seeking to make money, as well as pro-Russian “hacktivists”.

Ukraine appears to have had some success in tackling and containing Russian and pro-Russian hacking since before the start of the war, although Kyiv has been helped by substantial support from the west. The UK has provided a £6.35m package of support, helping with incident response and information sharing, plus hardware and software.

British sources say that Russian cyber attacks have targeted Russia’s near neighbours, most notably Poland and Lithuania which have both reported an increase in attacks on government and strategic targets from the autumn. In late October, Poland’s senate was hit by a cyber-attack, a day after the country’s upper house had unanimously adopted a resolution describing the Russian government as a terrorist regime. Poland later blamed the pro-Russian group NoName057(16) for a Denial-of-Service attack aimed at shutting down its website.

Warsaw has also accused the pro-Russian Ghostwriter group, which is believes to operates from Belarus and has links to the Kremlin’s GRU military intelligence agency, of being engaged in a disinformation campaign aimed at trying to hack mail addresses and social media accounts of public figures in the country.

There remains a significant threat to British organisations from the Russian cyber activity, although it has not obviously stepped up since the start of the war. Nor has there been any sign of Russian Wiper malware being targeted against British organisations, so far.

Russian intelligence collection is likely the greatest ongoing cyber risk to Ukraine. Russian hackers can make a significant impact if they can collect high value intelligence that Moscow can  effectively make use of. 

The hackers might obtain real-time geolocation data that enable the assassination of President Zelenskyy or the timely and accurate targeting of Ukrainian forces, particularly those with high-value Western weapons systems

The hackers could also conduct hack-and-leak operations revealing sensitive war information to the Ukrainian and Western public, such as Ukraine’s combat losses, internal schisms, or military doubts - or collect valuable information about Kyiv’s perceptions and intentions that can aid Moscow at future talks.

Ukraine Governent:     Ukraine Government:   Ukraine Economic Security Council:     Guardian:   

The Hill:      NCSC:     Carnegie Endowment:  

You Might Also Read: 

British Spy Chief Says War In Ukraine Is Changing Intelligence Gathering:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Will The Insider Threat Intensify During The Recession?
Bridging The Detection & Response Gap »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

Red Sift

Red Sift

Red Sift is the only integrated cloud email and brand protection platform, supporting organizations to secure their communications.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

Variti

Variti

Variti Intelligent Active Bot Protection technology — traffic analysis, detection and stopping of malicious bots in real-time and effective response to DDoS attacks.

Stellar Cyber

Stellar Cyber

Stellar Cyber makes Open XDR, the only comprehensive security platform providing maximum protection of applications and data wherever they reside.

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

Iterasec

Iterasec

Iterasec provides a full range of security services to hacker-proof your products and make software engineering process secure by design.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

Saiflow

Saiflow

SaiFlow provides a tailor-made cybersecurity solution for Electric Vehicles Charging Infrastructure (EVCI), Distributed Energy Resources (DERs) and energy networks and assets.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

Project Cypher

Project Cypher

Project Cypher leverages the latest cybersecurity developments, a world class team of hackers and constant R&D to provide you with unparalleled cybersecurity offerings.