Russia has targeted Ukraine’s infrastructure with cyberattacks.
- Russia’s unprovoked attack on Ukraine brought with it fears of large-scale cyberattacks.
- But so far, Ukraine and its allies have been able to thwart them, minimizing damage.
- Experts warned larger cyberattacks were still possible as Russia reevaluates its strategy.
The Russian government hacking group Sandworm recently attempted to attack Ukraine’s power grid, according to cybersecurity firm ESET and Ukrainian officials, targeting an energy company in Russia’s latest attempt to destabilize the country.
The malware attack, which was revealed this week, failed to damage the system or plunge Ukraine into electrical blackouts, according to Ukrainian officials. Instead, it is part of a growing number of Russian cyberattacks that Ukraine has prevented since the Kremlin launched its full-scale invasion in late February.
Russia’s unprovoked attack brought with it fears of large-scale cyberattacks in Ukraine and abroad. But what has materialized so far is something different — major attacks haven’t happened, while Ukraine and its allies have been able to continuously foil the steady stream of low-level hacking attempts targeting the country.
“It’s less than what I think everybody predicted,” said Clint Watts, a Research Fellow at the Foreign Policy Research Institute. “A lot of people predicted widespread destruction of infrastructure inside Ukraine.”
Before the invasion, President Joe Biden warned Russia that the US was “prepared to respond” in the event of cyberattacks. Other government officials echoed Biden on the threat of cyberwarfare, and Secretary of Energy Jennifer Granholm sent a letter to energy companies stressing the need to prepare for potential cyberattacks.
Biden put out another statement less than a month later on March 21 emphasizing the threat once again, calling on the private sector to “harden your cyber defenses immediately.”
As Russia’s invasion of Ukraine continues, there are questions over whether such cyberattacks will become a more prominent part of the conflict. Meanwhile, experts are evaluating the gulf between what many government officials and cybersecurity researchers predicted and what has so far taken place.
“The sort of big splashy attacks that we were expecting to happen didn’t really happen,” said Allan Liska of the cybersecurity research firm Recorded Future.
A slow drip of cyberattacks hasn’t done much damage
Ukraine has faced a number of varied attempts to undermine its cybersecurity since Russia’s offensive began. There have been several “hacktivist” attacks from Russia that weren’t carried out directly by the Russian government, Liska said, but were instead done by Russian citizens for “patriotic reasons.”
Most of these attacks so far have been DDoS attacks — distributed denial-of-service attacks — where hackers target websites and services in an attempt to block users from gaining access to them. These attacks are “nuisance attacks,” Liska said, and not dissimilar from those that occurred prior to the invasion.
There have also been a number of “wiper” attacks, Liska added. These attempt to delete files entirely and wipe out key data, rendering the computer unusable. But these also haven’t been as prominent as some experts thought.
“There was fear that when we started to see these wipers, they would be widely deployed across different targets from Ukraine. And they weren’t,” Liska said.
Ukraine hasn’t been able to completely protect against Russia’s cyber offensive. The largest attack during the war so far was launched on the KA-SAT satellite, said Dmitri Alperovitch, the co-founder of the cybersecurity company CrowdStrike. The satellite is owned by the US company Viasat and provides high-speed internet to people across Europe.
The attack disrupted internet access for people from Poland to France, according to a report from WIRED, with some disruptions lingering for weeks.
The attack on Viasat also likely had an impact on the Ukrainian military’s ability to coordinate, communicate, and operate unmanned vehicles in the early days of the conflict, Alperovitch said.
But Ukraine has generally increased its cyber defenses after years of being targeted in cyberwarfare, and it has received international help to disrupt Russian attacks. Earlier this month, the US announced it had quietly removed Russian malware from computer networks around the globe in an effort to preemptively quash planned cyberattacks from Moscow, The New York Times reported. The malicious software was controlled by the GRU, the Russian military’s intelligence agency, according to the report.
Many of the attacks have likely had little impact on the war because Ukraine, long a “testing lab” for these types of cyberattacks from Russia, has spent time building up resilience and investing in security to combat them, Liska told Insider.
Major tech companies have also provided resources to harden Ukraine’s cyberdefenses. Microsoft earlier this month said it disrupted cyberattacks on Ukrainian media outlets by Strontium, a hacking group connected to Russia’s GRU.
“Before the Russian invasion, our teams began working around the clock to help organizations in Ukraine, including government agencies, defend against an onslaught of cyberwarfare that has escalated since the invasion began and has continued relentlessly,” said Tom Burt, the corporate vice president for customer security and trust at Microsoft, in a press release.
Another reason large attacks haven’t materialized is that Russia’s attack at the outset appeared to be largely uncoordinated across Russia, according to Liska.
“There wasn’t a sort of coordination across the GRU and FSB and the other organizations that would normally carry out these more sophisticated and sustained kinds of attacks simply because they didn’t know that the invasion was coming,” Liska said.
Cyberattacks in the US could become more likely as Russia reevaluates its strategy in Ukraine
There have also been fears that major Russian cyberattacks would hit the US, especially as the Kremlin threatens “painful” retaliation for sanctions imposed by the US and its allies.
Last year, several major cyberattacks linked to Russian cybercriminals impacted the US, including attacks on the meat supplier JBS and the attack on the fuel supplier Colonial Pipeline, which resulted in issues at gas stations across the East Coast.
But attacks of the same scale haven’t been seen domestically so far this year, even as Russia threatens to push back.
Large cyberattacks didn’t seem to mesh with Russia’s initial invasion goals, experts said.
“Russia was talking about occupying and ruling Ukraine,” Watts said. “So, the last thing you want to do is to destroy all the cyberinfrastructure and then have to be responsible for rebuilding it.”
But as Moscow shifts its strategy to focus on Ukraine’s eastern Donbas region and retreats from the capital of Kyiv, experts told Insider it could resort to more severe cybercrime in Ukraine and elsewhere.
“Now that the Russians have scaled down their aims to just taking the Donbas, they’re going to need to figure out how to still extract political concessions from Zelensky in order to wrap up this war,” Alperovitch said.
Without the ability to threaten regime change in Ukraine, the Russian military is more likely to put pressure on Ukraine through other means, like airstrikes and cyberattacks, according to Alperovitch.
These attacks could target Ukrainian energy companies or news outlets as a psychological warfare tactic to make Ukraine more willing to agree to Russian demands in negotiations, he added. Attacks in the US and other Western nations are “likely to come” in the future as Russia attempts to find a favorable exit strategy in the war.
The Kremlin may resort to cyberattacks as a way to strengthen its hand in any future negotiations with Ukraine and its allies, Watts said, especially if its other offensives such as the current operation in Donbas are unsuccessful.
Russia is also currently facing intense international sanctions, which Alperovitch thinks the Kremlin is mistakenly betting will subside as soon as photos and videos of Russia’s actions in Ukraine begin to fade from social media and from news outlets.
“I think they’re wrong about that,” Alperovitch said. “And I think once they realize that those economic sanctions are not going away, that’s when they’re most likely to retaliate.”
Read the original article on Business Insider