Report: Lessons learned from Russian cyberattacks targeting Ukraine
Russian tanks crossed the Ukrainian border on February 24, but the first Kremlin shots at Ukraine’s critical infrastructure were fired days before. The attack wasn’t on the ground; it was in cyberspace.
Since the start of the full-scale war, Russia has carried out nearly 800 cyberattacks against Ukraine, according to senior Ukrainian cybersecurity official Yuriy Shchygol, three times more than in the same period last year. However, few attacks caused significant economic damage, and most had mainly a psychological effect, according to a report published Wednesday by the European Cyber Conflict Research Initiative.
In the report, cybersecurity specialists, academics and government officials analyzed Russia’s approach to cyber warfare in Ukraine. Here are some of their biggest discoveries:
Russia may not have ‘standby’ cyber capability
Before the outbreak of war in Ukraine, UK and US officials warned of Russia’s vast IT capabilities. But with the war now in its fourth month, some wonder if their abilities have been overstated, the report says.
Since the start of the conflict, Russian cyber operations have been relatively unsophisticated, sometimes simply reworking known malware. The report concludes that if Russia had the ability to attack more aggressively, it would have done so early in the invasion. Therefore, Russia may not have “reserve” capabilities, according to the report.
This does not mean, however, that more destructive cyberattacks will not occur in the future, as Russia continues to access Ukraine’s information infrastructure, the report said.
Strategic value of cyber operations
Some of the high-profile Russian cyber operations in Ukraine – including the Industroyer 2 attack, the Viasat hack and the frequent compromises of the Ukrainian Foreign Ministry – have had a significant psychological effect. There is little evidence that the cyberattacks have caused significant damage to Ukraine’s political, economic and social interests.
Ukraine may not be a good “test case” to see how a cyberwar with Russia might play out elsewhere in the world: since Russia’s invasion in 2014, all major cyberattacks in Ukraine have taken place during a war, which means that cyberspace played a secondary role alongside the use of conventional military weapons.
Hackers can experience burnout
Russia has made rapid progress in Ukrainian cyberspace, developing, deploying, detecting and mitigating its cyber capabilities “at an unprecedented rate”, according to the report.
The high operational tempo, however, could have potential effects on Russia’s depleted cyber forces. Experts expect high levels of Russian employee burnout due to the difficulty of maintaining and motivating sufficiently qualified staff over long periods of time.
According to a 2018 investigation by Josiah Dykstra and Celeste Lyn Paul of the US Department of Defense, fatigue and frustration mount when a cyber operation lasts more than five hours due to the cognitive effort required.
Non-state actors play a big role
Several non-state hacking groups played an important role during the cyberwar between Ukraine and Russia.
For example, the Conti team, responsible for numerous ransomware attacks, has announced its full support for Russia.
Ukraine has used the help of its volunteer computer army, whose members have mostly carried out coordinated DDoS attacks against Russia.
Another group is the Belarusian Cyberpartisans. It claimed responsibility for several major cyberattacks, including one on the Belarusian rail system that allegedly disrupted Russian ground artillery and troop movement to Ukraine.
Chinese espionage activities in Ukraine and the region have also been reported.
For example, Google’s Threat Analysis Group uncovered an ongoing cyber operation in Ukraine by a Chinese hacking group, known as APT31, targeting US government-affiliated Gmail users. However, it is still unclear how Chinese cyber actors can exploit the war in Ukraine.