The Cyber War between Russia and Ukraine

An analysis of cyber operations between Russia and Ukraine since January 2022

Posted by Oliver B on May 30, 2024 · 4 mins read

“Since before the beginning of the physical invasion of Ukraine by Russia, a virtual war has been taking place. Cyber attacks have been exchanged by both sides, with support from all around the world.”


Initial Attacks by Russia

In January 2022, the BBC reported that 70 Ukrainian government websites had been breached, with messages appearing on those sites warning Ukrainian citizens to “prepare for the worst”. This marked the beginning of a “cyber war” that has been waged on an international level. One month later, Russia formally began its invasion of Ukraine and stepped up attacks. Notably, various DDoS attacks took place against government targets in Ukraine (including banking systems), on top of data-wiping malware being installed on many key government machines.

[Image: a screen of Cyrillic text with a crossed-out Ukrainian flag. Image source: BBC]

Around the same time, Microsoft found evidence of destructive malware targeting organisations within Ukraine that seemed to be a novel type of malware. According to the Microsoft Security Blog, the malware first overwrites the Master Boot Record (MBR, the part of the hard drive that tells the computer how to load the operating system) with a fake ransom note, then corrupts files within the filesystem. This is not how ransomware normally operates: we would traditionally expect to see encryption, not corruption, and the user would be allowed to boot into the operating system in order to find the note and see the encrypted files. For more info on this malware, check out the Security Blog post linked above.

Initially, Russia denied its involvement in these attacks. However, since then, the group that was responsible for some of the cyber attacks against Ukraine (including the above malware) has been identified as a Russian Advanced Persistent Threat (APT) with links to the government, known as Cadet Blizzard. Looking into this group a little more, it appears that they have been around since as early as 2020, and often tend to be haphazard in their operations, “using any means to collect information, cause disruption and destroy data”.

Global Response

The response to these attacks has come not just from Ukraine, but from all over the world. Notably, the Anonymous hacktivism group announced that its members had begun “operations against the Russian Federation” (see here), and according to them, they had hacked more than 2500 targets in the first week of their “#OpRussia” campaign.

Others have also joined the fight against Russia. This article from BBC News talks of hackers from around the world being recognised by Ukraine for their assistance in hacking key Russian targets, including exfiltrating data from government sources and accessing cameras used to track military equipment movement.

The “IT Army of Ukraine” is a group co-ordinated by the Ukrainian government, with hundreds of thousands of participants who receive Russian targets via Telegram and, among other things, have launched DDoS attacks against strategically important infrastructure. This group reportedly makes up the bulk of Ukraine’s counter-cyber capabilities.

Continued Offensive, and How You Can Help

The cyber war continues to this day, across many domains. Notably, between August 2023 and March 2024, 46000 civilian and military aircraft reported satellite navigation issues in airspace near Russia, which are suspected to have been caused by Russia itself. If you’d like to show your support for the citizens of Ukraine, there are many charities and humanitarian organisations that are providing real support. One example is Driving Ukraine, who are delivering ambulances from the UK. If you’re interested in finding out more about what they do, click here.

Thanks for reading.

Nadia, Slava Ukraini 🇺🇦