The Cyber War Between Ukraine & Russia
The cyber war between Russia and Ukraine has fascinated the world for several months, but cyber warfare between these two superpowers has been going on for years. Since Ukraine’s declaration of independence in the 90s, Russia has been eyeing the former Soviet Union country. Russia sees any Ukrainian attempt to align with the western countries of Europe, or with NATO, as a real threat to its territory.
As the years go by, and the world goes through more significant digitization processes, the cyber war between these two powers occupies more space in the struggle, until it seems that now there is no separation between physical and digital war.
Russian Cyber Attacks Against Ukraine: 2013-2017
Russia waged cyber warfare against Ukraine for years before this year’s invasion, causing destruction and sabotaging Ukrainians’ day-to-day life:
Operation “Armageddon” – 2013 – Russia targets employees in government offices, law enforcement agencies, and the military in a spear-phishing attack to gain an advantage after political moves that brought Ukraine closer to the European Union.
Operation “Snake” – 2014 – In a historic event, the Ukrainian people overthrew the pro-Russian Prime Minister after many months of violent protests. In response, Russia began Operation Snake, named after the toolkit used to infect Ukrainian computers, malware that gives attackers complete remote control.
Denial-of-service attacks – 2014 – Russian hackers carried out one of the largest DDoS attacks in history, which disabled many government websites and diverted the world’s attention from the military forces invading Crimea.
Election tampering – 2014 – A group of pro-Russian activists tampered with the vote-counting system of Ukraine’s presidential election using a virus, which was discovered, causing a delay in the voting.
2015 – An attack on one of Ukraine’s nuclear energy facilities using the “BlackEnergy” trojan horse caused power outages for hundreds of thousands of people.
2017 – The NotPetya virus attacks Chornobyl power plants and floods Ukrainian websites, including those of banks, government offices, telecommunications companies, electricity providers, transportation and critical infrastructure. Experts believe that the virus was introduced through a software update to the system used by the tax authority.
Cyber Attacks Leading To the Invasion of Ukraine
At the end of 2021, disturbing reports came from Microsoft that Russian government-sponsored hackers were laying the groundwork for warfare against Ukraine by gaining access to part of Ukraine’s energy and IT systems. Some of these targets were hit by viruses that erased data and disabled computers after the 2022 invasion.
January 2022 – Russian hackers break into government websites and inform Ukrainians that their personal information has been stolen.
In the weeks leading up to the invasion that began on February 24, 2022, Ukrainians experienced many cyber incidents. In January of this year, researchers discovered destructive malware circulating in Ukraine called WhisperGate. The malware is reminiscent of NotPetya, the virus from Russia’s 2017 attack against Ukraine, which led to the destruction of computer information.
After the virus was discovered, distributed denial-of-service (DDoS) attacks brought down the websites of Ukrainian banks and government offices. In the days leading up to the invasion, the cybersecurity company ESET discovered additional viruses designed to delete data. Furthermore, these viruses appear to have been designed and injected into systems many months before February. Another piece of evidence indicating Russian hackers’ prior knowledge of the tensions that would lead to war is the message published on 70 Ukrainian government websites on February 14, which read “Wait for the worst”.
The Invasion of Ukraine – Cyber Attacks
In the early hours of February 24, as Russian military infantry invaded Ukraine, Russian hackers disabled tens of thousands of satellite-based modems in Ukraine and across Europe, leaving millions of people without internet.
In the weeks following the invasion, hackers attacked important Ukrainian organizations, such as nuclear power plants, telecommunications companies, and government organizations. A significant attack occurred on March 1, when a missile hit one of the transmission antennas of the communication channels in Kyiv, and at the same time, many communication companies experienced a cyber attack.
After a few days, when the Russian forces took over Zaporizhzhya, the largest nuclear energy facility in Europe, Microsoft located a group of Russian hackers in the systems of a Ukrainian nuclear energy company.
At the end of March, phishing campaigns began against employees of various government ministries and the Ukrainian military, installing spyware by means of the LoadEdge backdoor virus.
On March 28, an attack targeting WordPress sites caused a connectivity problem and limited access to financial and government services.
On April 12, the cyber company ESET announced that a famous Russian hacker group called Sandworm, which was responsible for the cyber attack that shut down a nuclear power facility in 2015, attempted to carry out another cyber attack that would have cut off millions of Ukrainians from electricity. The group of hackers designed a virus called Industroyer 2, which allows control of the electric current.
Hacktivism: Hackers with an Ideology
At the outbreak of the war, and in light of its limited resources, Ukraine called on hackers from all over the world who support it to help defend against Russia.
Since then, hackers on both sides of the fence have joined the war and are causing damage on both sides. On March 3, pro-Ukraine activists leaked sensitive documents from the Russian space program and began a chain of denial-of-service attacks designed to disable any website ending in .ru (Russian sites).
On June 20, pro-Russian hackers began cyber attacks against Lithuania, a country that supports Ukraine, flooding government websites with a powerful DDoS attack.