Ukraine’s Security Agency Says Russian Cyber Attacks Are Increasing

Uploaded on 2023-01-26 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--Europe, GOVERNMENT-Defence, FREE TO VIEW

Over the past year there has been a threefold increase in Russian cyber-attacks against Ukraine, with Russian hacking used together with missile strikes, according to a manager in Ukraine’s cyber security agency.

The attacks from Russia have often taken the form of destructive malware, said Viktor Zhora, a leading figure in the country’s SSSCIP agency, with “in some cases, cyber-attacks supportive to kinetic effects”. Zhora’s statement came when he visited London’s National Cyber Security Centre (NCSC), where he and his Ukrainian colleagues discussed how to work together to tackle the Russian threat.

The British security minister, Tom Tugendhat, said the fight “against Russian barbarism goes beyond the battlefield” and terror inflicted on civilians. “There is the real and persistent threat of a Russian cyber attack on Ukraine’s critical infrastructure,” he said. However, almost a year into its war with Ukraine, Russia has had little success on the cyber battlefield.

In the coming months, Russia is expected to escalate its cyber operations as it continues to face major military setbacks in the conflict.

However, the Ukrainian government is saying that an increase in cyber activity is likely to have only a minor impact in the war as Russian hacking operations are being met with stronger cyber counterattacks from Ukraine, with the support of its allies. The Ukraine government has published a report concerning Russia’s cyber strategy during the war so far, which concluded that cyber attacks on Ukraine’s energy infrastructure last autumn were linked to its sustained bombing campaign. According to this report, Russia launched “powerful cyber-attacks to cause a maximum blackout” on 24 November, at the same time as waves of missile strikes were launched on Ukraine’s energy facilities. 

The authors of the study have tracked the coordination of missile attacks on local governments and cyber attacks on community services, precise coordination of missile and cyber attacks on media and communication centers, and preparation and implementation of cyber attacks on supply chains that help the Ukraine war effort. “Russian war against Ukraine has many dimensions: conventional, economic, cyber, informational, and cultural. Only understanding these dimensions' interaction allows for assessing the aggressor state's actions adequately."

“The world's first large-scale cyber war did not demonstrate new "types of weapons" in existing cyberspace. All attacks are carried out using previously known techniques. The attacks used by Russia have long been categorised and have straightforward solutions for counteraction,” says the Ukrainian report.

Enemy hackers carried out as many as 10 attacks a day against “critical infrastructure” during November, according to Ukraine’s domestic security agency, part of the wider effort to leave millions without power amid plunging temperatures. These cyber attacks were coordinated with Russian “information-psychological and propaganda operations”, with the aim to “shift responsibility for the consequences of power outages to Ukrainian state authorities, local governments or large Ukrainian businesses”.

The Russian hackers range from highly professional military groups and national security agencies, along with criminal gangs, seeking to make money, as well as pro-Russian “hacktivists”.

Ukraine appears to have had some success in tackling and containing Russian and pro-Russian hacking since before the start of the war, although Kyiv has been helped by substantial support from the west. The UK has provided a £6.35m package of support, helping with incident response and information sharing, plus hardware and software.

British sources say that Russian cyber attacks have targeted Russia’s near neighbours, most notably Poland and Lithuania which have both reported an increase in attacks on government and strategic targets from the autumn. In late October, Poland’s senate was hit by a cyber-attack, a day after the country’s upper house had unanimously adopted a resolution describing the Russian government as a terrorist regime. Poland later blamed the pro-Russian group NoName057(16) for a Denial-of-Service attack aimed at shutting down its website.

Warsaw has also accused the pro-Russian Ghostwriter group, which is believes to operates from Belarus and has links to the Kremlin’s GRU military intelligence agency, of being engaged in a disinformation campaign aimed at trying to hack mail addresses and social media accounts of public figures in the country.

There remains a significant threat to British organisations from the Russian cyber activity, although it has not obviously stepped up since the start of the war. Nor has there been any sign of Russian Wiper malware being targeted against British organisations, so far.

Russian intelligence collection is likely the greatest ongoing cyber risk to Ukraine. Russian hackers can make a significant impact if they can collect high value intelligence that Moscow can  effectively make use of. 

The hackers might obtain real-time geolocation data that enable the assassination of President Zelenskyy or the timely and accurate targeting of Ukrainian forces, particularly those with high-value Western weapons systems

The hackers could also conduct hack-and-leak operations revealing sensitive war information to the Ukrainian and Western public, such as Ukraine’s combat losses, internal schisms, or military doubts - or collect valuable information about Kyiv’s perceptions and intentions that can aid Moscow at future talks.

Ukraine Governent:     Ukraine Government:   Ukraine Economic Security Council:     Guardian:   

The Hill:      NCSC:     Carnegie Endowment:  

You Might Also Read: 

British Spy Chief Says War In Ukraine Is Changing Intelligence Gathering:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Will The Insider Threat Intensify During The Recession?
Bridging The Detection & Response Gap »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

MaxMind

MaxMind

MaxMind is an industry-leading provider of IP intelligence and online fraud detection tools.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

Prevalent

Prevalent

Prevalent takes the pain out of third-party risk management. Companies use our services to eliminate the security and compliance exposures that come from working with vendors and suppliers.

Computer Network Defence (CND)

Computer Network Defence (CND)

Computer Network Defence (CND) are a Broad-Spectrum Cyber Security Consultancy and Recruitment Agency.

Braintrace

Braintrace

Braintrace’s services include Managed Detection and Response (MDR), Managed SIEM, SIEM-as-a-Service, SOC-as-a-Service, Advisory Services, and Incident Response.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

CUJO AI

CUJO AI

CUJO AI is the global leader in the development and application of artificial intelligence to improve the security, control and privacy of connected devices in homes and businesses.

UK Research & Innovation (UKRI)

UK Research & Innovation (UKRI)

UKRI works in partnership with universities, research organisations, businesses, charities, and government to create the best possible environment for research and innovation to flourish.

IoT Cybersecurity Alliance

IoT Cybersecurity Alliance

IoT Cybersecurity Alliance is where industry-leading IoT security providers and top IoT experts come together to establish and share best practices to secure the IoT ecosystem for the good of all.

CyberAlpha

CyberAlpha

CyberAlpha is a cloud based website security and monitoring platform providing protection from cyber attack.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

Cyolo

Cyolo

Cyolo’s Secure Access Service Edge (SASE) platform securely connects onsite and remote users to authorized assets, in the organizational network, cloud or IoT environments and even offline networks.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

Nuance Communications

Nuance Communications

From revolutionizing the doctor-patient relationship to reinventing the way brands connect with their customers, Nuance technology helps organizations push the boundaries of what’s possible.