Ukraine’s Security Agency Says Russian Cyber Attacks Are Increasing

Over the past year there has been a threefold increase in Russian cyber-attacks against Ukraine, with Russian hacking used together with missile strikes, according to a manager in Ukraine’s cyber security agency.

The attacks from Russia have often taken the form of destructive malware, said Viktor Zhora, a leading figure in the country’s SSSCIP agency, with “in some cases, cyber-attacks supportive to kinetic effects”. Zhora’s statement came when he visited London’s National Cyber Security Centre (NCSC), where he and his Ukrainian colleagues discussed how to work together to tackle the Russian threat.

The British security minister, Tom Tugendhat, said the fight “against Russian barbarism goes beyond the battlefield” and terror inflicted on civilians. “There is the real and persistent threat of a Russian cyber attack on Ukraine’s critical infrastructure,” he said. However, almost a year into its war with Ukraine, Russia has had little success on the cyber battlefield.

In the coming months, Russia is expected to escalate its cyber operations as it continues to face major military setbacks in the conflict.

However, the Ukrainian government is saying that an increase in cyber activity is likely to have only a minor impact in the war as Russian hacking operations are being met with stronger cyber counterattacks from Ukraine, with the support of its allies. The Ukraine government has published a report concerning Russia’s cyber strategy during the war so far, which concluded that cyber attacks on Ukraine’s energy infrastructure last autumn were linked to its sustained bombing campaign. According to this report, Russia launched “powerful cyber-attacks to cause a maximum blackout” on 24 November, at the same time as waves of missile strikes were launched on Ukraine’s energy facilities. 

The authors of the study have tracked the coordination of missile attacks on local governments and cyber attacks on community services, precise coordination of missile and cyber attacks on media and communication centers, and preparation and implementation of cyber attacks on supply chains that help the Ukraine war effort. “Russian war against Ukraine has many dimensions: conventional, economic, cyber, informational, and cultural. Only understanding these dimensions' interaction allows for assessing the aggressor state's actions adequately."

“The world's first large-scale cyber war did not demonstrate new "types of weapons" in existing cyberspace. All attacks are carried out using previously known techniques. The attacks used by Russia have long been categorised and have straightforward solutions for counteraction,” says the Ukrainian report.

Enemy hackers carried out as many as 10 attacks a day against “critical infrastructure” during November, according to Ukraine’s domestic security agency, part of the wider effort to leave millions without power amid plunging temperatures. These cyber attacks were coordinated with Russian “information-psychological and propaganda operations”, with the aim to “shift responsibility for the consequences of power outages to Ukrainian state authorities, local governments or large Ukrainian businesses”.

The Russian hackers range from highly professional military groups and national security agencies, along with criminal gangs, seeking to make money, as well as pro-Russian “hacktivists”.

Ukraine appears to have had some success in tackling and containing Russian and pro-Russian hacking since before the start of the war, although Kyiv has been helped by substantial support from the west. The UK has provided a £6.35m package of support, helping with incident response and information sharing, plus hardware and software.

British sources say that Russian cyber attacks have targeted Russia’s near neighbours, most notably Poland and Lithuania which have both reported an increase in attacks on government and strategic targets from the autumn. In late October, Poland’s senate was hit by a cyber-attack, a day after the country’s upper house had unanimously adopted a resolution describing the Russian government as a terrorist regime. Poland later blamed the pro-Russian group NoName057(16) for a Denial-of-Service attack aimed at shutting down its website.

Warsaw has also accused the pro-Russian Ghostwriter group, which is believes to operates from Belarus and has links to the Kremlin’s GRU military intelligence agency, of being engaged in a disinformation campaign aimed at trying to hack mail addresses and social media accounts of public figures in the country.

There remains a significant threat to British organisations from the Russian cyber activity, although it has not obviously stepped up since the start of the war. Nor has there been any sign of Russian Wiper malware being targeted against British organisations, so far.

Russian intelligence collection is likely the greatest ongoing cyber risk to Ukraine. Russian hackers can make a significant impact if they can collect high value intelligence that Moscow can  effectively make use of. 

The hackers might obtain real-time geolocation data that enable the assassination of President Zelenskyy or the timely and accurate targeting of Ukrainian forces, particularly those with high-value Western weapons systems

The hackers could also conduct hack-and-leak operations revealing sensitive war information to the Ukrainian and Western public, such as Ukraine’s combat losses, internal schisms, or military doubts - or collect valuable information about Kyiv’s perceptions and intentions that can aid Moscow at future talks.

Ukraine Governent:     Ukraine Government:   Ukraine Economic Security Council:     Guardian:   

The Hill:      NCSC:     Carnegie Endowment:  

You Might Also Read: 

British Spy Chief Says War In Ukraine Is Changing Intelligence Gathering:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Will The Insider Threat Intensify During The Recession?
Bridging The Detection & Response Gap »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Continuum

Continuum

Continuum is the IT management platform company that allows Managed IT Services Providers to maintain and back up on-premise and cloud-based servers, desktops, mobile devices and other endpoints

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

Intuity

Intuity

The Intuity suite of services provides companies with a complete awareness of their security status and helps them in an efficient, efficient and sustainable improvement process.

Open Data Security (ODS)

Open Data Security (ODS)

Open Data Security is a market leader in the information security sector, offering services to companies, governments and individuals, helping them shield from hackers and cyber attacks.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Purple Knight

Purple Knight

Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts.

Creative ITC

Creative ITC

Creative ITC is a leading infrastructure and cloud enablement company. We design and deliver exceptional managed services and cloud solutions.

Allurity

Allurity

Allurity is a group of tech-enabled cybersecurity service providers, comprised of best-in-class experts with a common mission to enable a safe digital world.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.

Oleria Security

Oleria Security

Oleria is the only adaptive and autonomous security solution that helps organizations accelerate at the pace of change, trusting that data is protected.

Clango

Clango

Clango employs an identity-centric approach to optimizing your cybersecurity investment while minimizing risk.