Even before Russia invaded Ukraine, its hacking offensive was well under way.
Suspected Russian hackers targeted Ukrainian government and financial websites with so-called distributed denial-of-service attacks aimed at creating chaos; they bombarded government, nonprofit and IT organizations with malicious software designed to render computers inoperable; and, in a broadside widely blamed on Russia, they zeroed in on Viasat Inc.’s commercial satellite network, causing major disruptions in Ukrainian communications, including for military units, at a crucial early stage in the war.
A long-anticipated cyberwar, it seemed, was finally underway. But what began with a bang stalled into something less substantial — a persistent deluge of digital attacks, yet nothing near the full-blown cyber-hostilities that many predicted.
Cybersecurity officials familiar with the conflict say a primary reason is that Ukraine was ready for it – and had considerable help from technology companies based in the US and elsewhere to bolster its cyber defenses.
State-sponsored Russian hackers have bullied Ukrainian networks for a generation, targeting businesses and electric utilities, even shutting off the power in 2015 and again in 2016, cybersecurity experts said. A 2017 attack on Ukraine’s financial sector by Russia, using NotPetya malware, spiraled across the globe and cost a reported $10 billion in damages.
Knowing that an attack was possible, Ukrainian officials started preparing for Russian hackers in the fall of 2021. In addition to support from Western governments, technology companies like Microsoft, Google and others have provided support to the Ukrainian government to bolster cyber defenses. In addition to providing free software, the tech companies have shared analysis on Russian hackers, helped the government probe for areas of vulnerabilities in networks and provided intelligence on cyber threats.
Another contributing factor, experts say, is that Russian President Vladimir Putin expected the war to be wrapped up quickly, blitzing Ukraine with troops – and cyberattacks – that would cause that country’s government to quickly collapse. Along with numerous failures by Russia’s military, its plan to use cyber operations as part of a hybrid war have consistently fallen short “without substantially enabling troop progress,” according to a Feb. 9 report by the cybersecurity firm Recorded Future.
“To meaningfully influence a war at this scale, cyber operations must be conducted at a tempo that Russia apparently could sustain for only weeks at most,” said Jon Bateman, a senior fellow in the Technology and International Affairs Program at the Carnegie Endowment for International Peace, in a December panel discussion.
In an email, Bateman, who published an analysis in December on Russia’s cyber operations in Ukraine, added, “I don’t see Russia’s cyber failures as primarily a problem of planning. Rather, Moscow’s cyber forces lacked the capacity and staying power necessary for a war of this scale.”
As for why Russia hasn’t lashed back at the US and other countries supporting Ukraine, at least not in a major way, experts believe that Putin simply didn’t want to pick more fights given the problems he’s faced on the battlefield.
Erica Lonergan, a research scholar at the Saltzman Institute of War and Peace Studies at Columbia University, said that while Russia hasn’t exercised restraint on the battlefield in Ukraine, “it does seem to not want a fight with both Ukraine and NATO.”
“It’s a good news story,” she said. “You can see this as a successful case for cyber deterrence.” But she warned that the US and its allies should be considering what factors might cause Russia to change its mind.
While it hasn’t been a full-on cyberwar, the invasion of Ukraine marks the first time that cyber operations have played such a prominent role in a world conflict, according to Google. The cybersecurity firm Mandiant, now part of Google Cloud, tracked more destructive cyberattacks in Ukraine during the first four months of 2022 than in the previous eight years.
Destructive cyberattacks against Ukraine peaked in the first quarter of 2022 and surged again at the end of the year, while intelligence operations peaked in the first quarter and then leveled off for the remainder of the year, according to another cybersecurity company, CrowdStrike Holdings Inc. So-called wiper malware, for instance, was capable of deleting data and rendering affected devices inoperable.
“I think it was really rough in the beginning of the invasion,” said Sandra Joyce, vice president of Mandiant intelligence. “The wipers were very aggressive, and it was hand-to-hand combat in the cyber domain in the beginning. As that initial invasion was not successful, we saw sort of a pause in wipers.”
In a recent report, Ukraine’s State Service of Special Communications and Information Protection concluded that the focus of Russian hackers shifted in the second half of 2022, from media and telecommunications at the beginning of the conflict to the energy sector, which was also targeted with missile attacks since October. In addition, the purpose of Russian cyberattacks changed from attacks aimed at disruption to spying and data theft, the report says.
Ukraine recruited its own band of volunteer hackers to strike back at Russia, called the Ukrainian IT Army. A group called Killnet, meanwhile, has waged DDoS attacks against Western targets – actions that are largely aligned with Russia’s geopolitical ambitions.
Both groups claim to be organic and motivated by patriotism, but due to the anonymity provided in the cyber realm, it’s difficult to know who is behind them or judge their level of success. Both sides have also worked to conceal or amplify certain aspects of the war to their advantage, said Dmitri Alperovitch, executive chairman of the Silverado Policy Accelerator and co-founder of CrowdStrike.
The conflict has also had ramifications for the ransomware sector. US officials have accused the Russian government of turning a blind eye to the groups that conduct financially motivated cyberattacks on American businesses, government agencies, health-care facilities, schools and other organizations.
Politics caused a split in one notorious group, Conti, which collected an estimated $180 million in payments in 2021 alone. By February 2022, the group was in tatters after its leaders made a public declaration supporting the invasion of Ukraine. Days later, chat logs detailing the gang’s internal deliberations began leaking online.
Copyright 2023 Bloomberg.