Russia’s invasion of Ukraine has triggered cyberattacks on targets on both sides, many of them initiated by volunteers and hacktivists. But these attacks have been largely symbolic, experts have told Tech Monitor, and predictions of a true hybrid war – in which cyberattacks are integrated into military operations – have not yet come to pass.
Cyberattacks following Russia’s invasion of Ukraine
Volunteer hackers leapt to Ukraine’s defence soon after Russia invaded the country last week. The same day, a Twitter account claiming to represent Anonymous said the hacktivist group is “officially in cyberwar against the Russian Government”.
Two days later, Ukraine’s minister of digital transformation Mykhailo Fedorov called on anyone with “digital talents” to join what he described as an “IT army”. A Telegram group set up for the initiative currently has over 34,000 members.
Other groups have voiced their support for Russia. Conti, one of Russia’s most notorious ransomware gangs, initially lent its support to the country’s war effort but quickly retracted its statement, perhaps reflecting internal divisions.
Open source intelligence site CyberKnow has identified 49 groups that have joined the conflict, including 35 that support Ukraine and 11 for Russia (the affiliation of three is unknown). Most are involved in DDoS attacks and hacking, but their activities also include ransomware and misinformation.
Targets on both sides of the conflict have been attacked, although attributing these attacks is as difficult as ever.
Just before the conflict began, Microsoft detected a “new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure,” the company’s president Brad Smith wrote in a blog post.
“We have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack,” Smith wrote. “But we remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organisations and enterprises.”
On Monday, researchers at cybersecurity provider Proofpoint identified a “likely nation-state sponsored phishing campaign” targeting personnel involved in escorting refugees out of Ukraine.
Meanwhile, cybersecurity monitoring service Netblocks reported that Russian government websites, including the Kremlin, the Ministry of Defence and the Duma, the lower house of the country’s Federal Assembly, were taken offline. An Anonymous-affiliated group called NB65 claimed responsibility for hacking the website of Russian space agency Roscosmos, although this was denied by the agency’s director general.
Some attacks have been trivial. One breach changed the call sign for Putin’s superyacht the Graceful to ‘FCKPTN’ and altered the craft’s destination to “Hell”. But volunteer groups appear to be turning their attention to more strategic targets: today, Ukraine’s “IT army” announced that it would be targeting the Belarusian rail network and Russia’s domestic satellite-navigation system.
Russia-Ukraine cyberattacks: ‘No more than a nuisance’
So far, however, these efforts have had little impact on the conflict itself, says Greg Austin, senior fellow for cyberspace and future conflict at the International Institute for Strategic Studies (IISS). “There just haven’t been any lasting effects,” he says. “They are symbolic of support but no more really than a nuisance.”
Many had expected any conflict involving Russia to represent hybrid warfare, in which cyberattacks support traditional kinetic warfare tactics. This view is implicit in the UK’s National Cyber Strategy, which includes plans to bolster the country’s own cyberattack capabilities.
“The old concepts of fighting big tank battles on European landmass … are over,” Prime Minister Boris Johnson told a House of Commons committee last year. “There are other, better things that we should be investing in… cyber… this is how warfare of the future is going to be fought.”
This has not proven to be the case, says Austin. “Our really firm judgment is that Putin is not putting a lot of weight on the value of offensive cyber to achieve any of the really important goals,” he says. “And if they use offensive cyber operations against Ukrainian targets, the almost exclusive purpose will be just disruption and harassment.”
However, it is up for debate whether Russia has declined to use its offensive cyber capabilities on more tactical targets out of choice. Austin points to the 2016 attack that disrupted a power station in Ukraine, which was widely attributed to Russia, as evidence that it can conduct such attacks – or, at least, could at the time.
“There is a question really about how well-organised Russian cyber forces are,” Austin says. “If the US or Israel was invading a country like Ukraine, they would have used cyberattacks against the air defence systems [and] the main electric grid, and they would have even probably taken out telecommunications.”
Russia’s inaction may reflect a lack of cybersecurity understanding among its senior military leadership, he adds. “The military and political leaders have to know what they’re doing… But there are not enough people at the highest levels of the Russian armed forces, or even the Chinese armed forces, who are familiar enough with the potential of cyberattacks in comparison with the US and Israel.”
Others have argued that it reflects the strategic limitations of cyberattacks. “For all the talk about ‘cyberwar’, today shows that when conflict escalates to this point it is secondary,” wrote BBC correspondent Gordon Corera on the day of the invasion. “If you want to take out infrastructure then missiles are more straightforward than using computer code. Cyber’s main role now is perhaps to sow confusion about events.”
Ciaran Martin, former head of the UK’s National Cyber Security Centre (NCSC), agrees. Cyber capabilities, as currently understood, can do everything from low-level harassment to serious disruption of everyday economic and social activity, he wrote in a blog post yesterday. “But they can’t do what missiles, fighter jets and soldiers do.”
Claudia Glover is a staff reporter on Tech Monitor.