Cyber-attacks in the Russia-Ukraine war have had several objectives, including political aims, sabotage, and data theft for espionage.
Political Objectives: Adversaries can use cyber-attacks for political purposes by disrupting government, transportation, and financial services organizations to create panic. Russia began this effort weeks before the attack with a series of emailed bomb threats, messages to Ukrainian citizens claiming that bank ATMs were disabled, “false flag” videos, and the hacking of dozens of government websites to display the message “be afraid and expect the worst.”
Both sides continued to use political tactics as the war went on. The Office of the National Security and Defense Council of Ukraine created a website to provide Russian citizens with “information about prisoners of war of the Russian Armed Forces who have invaded the territory of Ukraine since February 24, 2022.” Russia countered with a Distributed Denial of Service (DDoS) attack on the site.
Sabotage Objectives: We frequently see attacks used to disrupt or sabotage critical defensive systems. In the run-up to last year’s invasion, attacks escalated to prepare the battleground:
- In January, wiper malware (WhisperGate) designed to delete all data on the infected system was found on Ukrainian systems.
- The UK government attributed involvement in the distributed denial of service (DDoS) attacks against the Ukrainian banking sector on 15 and 16 February 2022 to the Russian Main Intelligence Directorate (GRU).
- As the invasion began, Russia attacked Ukraine’s communications channels: the Viasat satellite internet connections. In an act new to modern warfare, Mykhailo Fedorov, Ukraine’s Vice Prime Minister and Minister of Digital Transformation, tweeted to Elon Musk, “We ask you to provide Ukraine with Starlink stations and to address sane Russians to stand.” Later that day Musk responded, “Starlink service is now active in Ukraine. More terminals en route.”
Data Theft and Espionage: In modern times cyber warfare has focused more on intelligence, surveillance, and reconnaissance. Russia has been aggressive on this front, including against the US. A nation’s enemies can use personal information on individuals for tracking or capturing key targets, identifying information that could be used for blackmail, or uncovering spies. Theft of intellectual property (IP) can allow nation-states to reverse engineer weapons systems. Information on troop readiness and locations is invaluable to an adversary.
- Russia aggressively developed “digital dossiers” on Ukraine’s citizens. Shortly before the invasion, Ukraine’s Ministry of Internal Affairs, which oversees the police, national guard and border patrol, and a national database of 80 percent of the country’s automobile insurance policies were breached. The combined information provided Russia with contact information and likely transportation mode for key personnel.
- Russia also sought data from Ukrainian government and industrial targets. One attack in early February 2022 was “QuietSieve.” When successfully executed, the malware searched for files with doc, docx, xls, rtf, odt, txt, jpg, pdf, rar, zip, and 7z extensions within removable, fixed, or networked drives. Those files were then bundled for exfiltration.
- Ukraine countered using human intelligence and technology to monitor Russian troop movements. It launched a chatbot for the Telegram messaging app to allow near real-time battlefield intelligence by citizens and troops.
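
The file-collection behavior described for QuietSieve above (one process sweeping removable, fixed, and networked drives for a fixed set of document and archive extensions) is something defenders can look for in endpoint file-access telemetry. The following is an added example, not code from the article or from any vendor: the event format, the process names, and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions the article lists for QuietSieve's file search.
TARGET_EXTS = {"doc", "docx", "xls", "rtf", "odt", "txt", "jpg", "pdf", "rar", "zip", "7z"}

def find_collectors(events, window=60, min_files=6, min_exts=4, min_drive_kinds=2):
    """Return {pid: summary} for processes whose file reads look like bulk
    collection: many targeted-extension files, several extensions, and more
    than one drive kind (removable / fixed / network) inside one time window.
    Thresholds are illustrative assumptions, not values from the article."""
    by_pid = defaultdict(list)
    for ts, pid, image, drive_kind, path in events:
        ext = PureWindowsPath(path).suffix.lstrip(".").lower()
        if ext in TARGET_EXTS:
            by_pid[pid].append((ts, image, drive_kind, ext, path))
    flagged = {}
    for pid, hits in by_pid.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the left edge until the span covers at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            span = hits[start:end + 1]
            exts = {h[3] for h in span}
            kinds = {h[2] for h in span}
            if len(span) >= min_files and len(exts) >= min_exts and len(kinds) >= min_drive_kinds:
                flagged[pid] = {"image": hits[0][1], "files": len(span),
                                "extensions": sorted(exts), "drive_kinds": sorted(kinds)}
                break
    return flagged

# Constructed sample telemetry: (epoch seconds, pid, image, drive kind, path).
SAMPLE_EVENTS = [
    (1000, 4120, "updater.exe", "fixed", r"C:\Users\a\Documents\plan.docx"),
    (1002, 4120, "updater.exe", "fixed", r"C:\Users\a\Documents\budget.xls"),
    (1003, 4120, "updater.exe", "fixed", r"C:\Users\a\Desktop\notes.txt"),
    (1005, 4120, "updater.exe", "removable", r"E:\scan.pdf"),
    (1006, 4120, "updater.exe", "removable", r"E:\backup.7z"),
    (1009, 4120, "updater.exe", "network", r"Z:\share\roster.rtf"),
    (1010, 7788, "winword.exe", "fixed", r"C:\Users\a\Documents\plan.docx"),
    (1500, 7788, "winword.exe", "fixed", r"C:\Users\a\Documents\memo.docx"),
]

if __name__ == "__main__":
    for pid, info in find_collectors(SAMPLE_EVENTS).items():
        print(pid, info)
```

Requiring several extensions and more than one drive kind keeps ordinary document editing, such as the second process in the sample, from being flagged.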