23 April 2023

Russia’s invasion of Ukraine is also being fought in cyberspace

Vera Mironova

The Russian invasion of Ukraine is the first modern war to feature a major cyber warfare component. While the conventional fighting in Ukraine often resembles the trench warfare of the early twentieth century, the evolving battle for cyber dominance is highly innovative and offers important insights into the future of international aggression.

The priority for Ukraine’s cyber forces is defense. This is something they have long been training for and are excelling at. Indeed, Estonian PM Kaja Kallas recently published an article in The Economist claiming that Ukraine is “giving the free world a masterclass on cyber defense.”

When Russian aggression against Ukraine began in 2014 with the invasion of Crimea and eastern Ukraine’s Donbas region, Russia also began launching cyber attacks. One of the first attacks was an attempt to falsify the results of Ukraine’s spring 2014 presidential election. The following year, an attempt was made to hack into Ukraine’s electricity grid. In 2017, Russia launched a far larger malware attack against Ukraine known as NotPetya that Western governments rated as the most destructive cyber attack ever conducted.

In preparation for the full-scale invasion of 2022, Russia sought to access Ukraine’s government IT platforms. One of the goals was to obtain the personal information of Ukrainians, particularly those working in military and law enforcement. These efforts, which peaked in January 2022 in the weeks prior to the invasion, failed to seriously disrupt Ukraine’s state institutions but provided the country’s cyber security specialists with further important experience. “With their nonstop attacks, Russia has effectively been training us since 2014. So by February 2022, we were ready and knew everything about their capabilities,” commented one Ukrainian cyber security specialist involved in defending critical infrastructure who was speaking anonymously as they were not authorized to discuss details.

Ukrainian specialists say that while Russian hackers previously tried to disguise their origins, many now no longer even attempt to hide their IP addresses. Instead, attacks have become far larger in scale and more indiscriminate in nature, with the apparent goal of seeking to infiltrate as many systems as possible. However, the defenders of Ukraine’s cyberspace claim Russia’s reliance on the same malware and tactics makes it easier to detect them.

The growing importance of digital technologies within the Ukrainian military has presented Russia with an expanding range of high-value targets. However, efforts to access platforms like Ukraine’s Delta situational awareness system have so far proved unsuccessful. Speaking off the record, Ukrainian specialists charged with protecting Delta say Russian hackers have used a variety of different methods. “They tried phishing attacks, but this only resulted in our colleagues having to work two extra hours to block them. They have also created fake interfaces to gain passwords and login details.”

Ukrainian security measures that immediately detect and block unauthorized users requesting information have proved effective for the Delta system and similar platforms. Russian hackers have had more success targeting the messaging platforms and situation reports of various individual Ukrainian military units. However, due to the fast-changing nature of the situation along the front lines, this information tends to become outdated very quickly and therefore is not regarded as a major security threat.

Ukraine’s cyber efforts are not exclusively focused on defending the country against Russian attack. Ukrainians have also been conducting counterattacks of their own against Russian targets. One of the challenges they have encountered is the low level of digitalization in modern Russian society compared to Ukraine. “We could hack into Russia’s railway IT systems, for example, but what information would this give us? We would be able to access train timetables and that’s all. Everything else is still done with paper and pens,” notes one Ukrainian hacker.

This has limited the scope of Ukrainian cyber attacks. Targets have included the financial data of Russian military personnel via Russian banks, while hackers have penetrated cartographic and geographic information systems that serve as important infrastructure elements of the Ukraine invasion. Ukrainian cyber attacks have also played a role in psychological warfare efforts, with Russian television and radio broadcasts hacked and replaced with content revealing suppressed details of the invasion including Russian military casualties and war crimes against Ukrainian civilians.

While Ukraine’s partners throughout the democratic world have provided the country with significant military aid, the international community has also played a role on the cyber front. Many individual foreign volunteers have joined the IT Army of Ukraine initiative, which counts more than 200,000 participants. Foreign hacker groups are credited with conducting a number of offensive operations against Russian targets. However, the large number of people involved also poses significant security challenges. Some critics argue that the practice of making Russian targets public globally provides advance warning and undermines the effectiveness of cyber attacks.

Russia has attempted to replicate Ukraine’s IT Army initiative with what they have called the Cyber Army of Russia, but this is believed to have attracted fewer international recruits. Nevertheless, Russia’s volunteer cyber force is thought to have been behind a number of attacks on diverse targets including Ukrainian government platforms and sites representing the country’s sexual minorities and cultural institutions.

The cyber front of the Russo-Ukrainian War is highly dynamic and continues to evolve. With a combination of state and non-state actors, it is a vast and complex battlefield full of gray zones and new frontiers. Both combatant countries have powerful domestic IT industries and strong reputations as hacker hubs, making the cyber front a particularly fascinating aspect of the wider war. The lessons learned are already informing our knowledge of cyber warfare and are likely to remain a key subject of study in the coming decades for anyone interested in cyber security.

Vera Mironova is an associate fellow at Harvard University’s Davis Center and author of Conflict Field Notes. You can follow her on Twitter at @vera_mironov.
