Ukraine Claims Russian Cyber Attacks Are War Crimes

Uploaded on 2023-01-30 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Defence, FREE TO VIEW

Ukrainian officials seek to convince the International Criminal Court (ICC) in the Hague to investigate whether certain Russian cyber attacks could constitute war crimes and officials are gathering digital evidence for the ICC to prosecute. 

In a statement by ICC Prosecutor, Karim A.A. Khan QC, on the Situation in Ukraine, “I have decided to proceed with opening an investigation. In particular, I am satisfied that there is a reasonable basis to believe that both alleged war crimes and crimes against humanity have been committed in Ukraine in relation to the events already assessed during the preliminary examination by the Office.” 

Cyber attacks have increasingly become a part of modern warfare and have been repeatedly used by Russian forces amid the country’s war in Ukraine to target critical infrastructure.  “Given the expansion of the conflict in recent days, it is my intention that this investigation will also encompass any new alleged crimes falling within the jurisdiction of my Office that are committed by any party to the conflict on any part of the territory of Ukraine...“I will continue to closely follow developments on the ground in Ukraine, and again call for restraint and strict adherence to the applicable rules of international humanitarian law,” says Khan’s statement.

Cyber attacks are not listed as a form of war crime under the Geneva Convention and legal experts have previously contacted the ICC with the aim to prosecute Russian cyber attacks, but the reported push from Ukrainian officials marks the first time a sovereign government has made such a request to the court. 

Last year, a group of human rights lawyers and investigators in the Human Rights Center at UC Berkeley's School of Law sent a formal request to the ICC in which it urged the ICC to consider war crime prosecutions of Russian hackers for their cyber attacks in Ukraine, even as the prosecutors gather evidence of more traditional, ongoing war crimes there. 

Ukraine’s chief digital transformation officer, Victor Zhora said that his country is gathering evidence of cyber attacks tied to military operations and are sharing information with the ICC in the hopes of potentially charging Russia for those crimes. Zhora argued that since Russia used cyber attacks to support its kinetic military operations that targeted Ukraine’s critical infrastructure and civilians, the digital attacks should also be considered as war crimes against Ukrainian citizens. “When we observe the situation in cyberspace we notice some coordination between kinetic strikes and cyber attacks, and since the majority of kinetic attacks are organised against civilians, being a direct act of war crime, supportive actions in cyber can be considered as war crimes,.. ”

Zhora also noted last year’s Russian attacks against Ukraine’s largest private energy electricity generator, an example of when cyber attacks are used in conjunction with kinetic warfare.

Under the UN Convention war crimes can include willful killing of civilians, torture or inhuman treatment, including biological experiments; willfully causing great suffering; and the taking of hostages, among other actions. Written before the modern technological era, the definition makes no mention of digital warfare. 

The cyber domain  has no borders, and it allows attackers to instantly reach across the world, regardless of distance, which makes holding Russia's most dangerous hackers accountable, say Ukraine government sources. 

If the ICC does find that destructive Russian cyber attacks targeting critical infrastructure and civilians constitute war crimes, that could open grounds for potential prosecutions against the perpetrators of such attacks and possible reparations for the victims. 

Ukrainian officials aren’t the only ones trying to make the case before the ICC.  Last year, a group of human rights lawyers and investigators in the Human Rights Center at University of California, Berkeley’s School of Law made a similar request to the court, urging it to look into whether a group of Russian hackers, known as Sandworm, could be prosecuted for launching destructive cyber attacks against Ukraine in 2015 and 2016. Lindsay Freeman, the director of technology, law and policy at Berkley told Wired that the ICC prosecutor’s office responded to the group’s request and was looking into its recommendations. 

In contrast, some experts aren’t convinced that making the case that certain cyber attacks could fall under war crimes is necessary, because there’s already there is already evidence of Russian war crimes in Ukraine using conventional warfare. “I’m not sure we need to reach into cyber to figure that out,” said Jamil Jaffer, founder and executive director of the National Security Institute at George Mason University’s Antonin Scalia Law School. 

Although he agrees that the Russians have improved the way they coordinate their land and air warfare with their cyber operations, Jaffir said that a lot of analysis must still be conducted to determine whether destructive cyber attacks targeting civilians and critical infrastructure could be classified as war crimes. “Cyber attacks are more of a novel application of war crimes, which you can still do and go through and figure out, but there are so many other very clear violations of the laws of war..

If the goal is to prosecute the Russians for their war crimes, you don’t need to go through the cyber analysis, you need to look at what they’re doing on the battlefield,” Jaffir said.

Russian linked hacker groups have ramped up operations targeting critical industries and high-profile public figures, according to an advisory issued by the British National Cyber Security Centre (NCSC) in an alert warning that a hacker groups, based in Russia, have escalated attacks against government organisations, defence firms, media publications, and non-profits.  The Russian group Seaborgium, also known as ‘Cold River’, was found to have waged an “expansive” spear-phishing campaign against UK targets. 

Social media and professional networking sites have been used to identify targets, the advisory read, which enables the groups to engage with potential victims.  

The Cold River hacker group has claimed responsibility for a number of high-profile attacks over the last year.  
Traditionally, the group hasn’t targeted the public and has instead focused on compromising public figures to create political disruption.  In May last year, security researchers at Google accused the group of hacking into and leaking emails belonging to Richard Dearlove, the former director of the MI6 spy agency.  

Cold River also claimed responsibility for attacks on US-based nuclear research centres at the beginning of this year. That incident saw the group create fake login pages for staff working at three laboratories and a phishing campaign aimed at encouraging workers to divulge passwords. 

United Nations:   Wired:      The Hill:     Politico:     ICC-CPI:      ITPro:     DW

You Might Also Read: 

Ukraine Signs Cyber Security Deal With NATO:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Microsoft To Invest $10b In OpenAI 
Turla Hackers Deliver Andomeda Malware  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

Truth Technologies Inc (TTI)

Truth Technologies Inc (TTI)

TTI is a premier provider of worldwide anti-money laundering, anti-fraud, customer identification, and compliance products and services.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

RedShield Security

RedShield Security

RedShield is the world's first web application shielding-with-a-service company.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

Greenberg Traurig (GT)

Greenberg Traurig (GT)

Greenberg Traurig, LLP (GT) is a global law firm with offices in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East.

ScorpionShield

ScorpionShield

ScorpionShield CyberSecurity is an EC-Council Accredited Training Center, and an On-Demand Service for Cybersecurity professionals.

HunCERT

HunCERT

HunCERT's mission is to assist Hungarian Internet Service Providers in applying appropriate procedures to address the risks of computer network incidents and to respond to such incidents.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

Epiphany Systems

Epiphany Systems

Epiphany enhances your defensive security controls by providing you with an offensive perspective. We expose the most likely attack paths to your most critical IT assets and users.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

GreenPages Technology Solutions

GreenPages Technology Solutions

GreenPages provide expert strategic guidance and proven cloud-era solutions for our clients. Every day we help organizations leverage the cloud securely with less risk and cost.

Rakuten Maritime

Rakuten Maritime

Rakuten Maritime is your trusted partner in maritime cybersecurity, offering comprehensive and proactive solutions tailored to every stage of a ship’s life cycle.

Digital & Intelligence Service (DIS)

Digital & Intelligence Service (DIS)

DIS is the fourth Service of the SAF, here to defend and dominate in the digital domain, and achieve peace and security for our land.