Ukraine’s Security Agency Says Russian Cyber Attacks Are Increasing

Over the past year there has been a threefold increase in Russian cyber-attacks against Ukraine, with Russian hacking used together with missile strikes, according to a manager in Ukraine’s cyber security agency.

The attacks from Russia have often taken the form of destructive malware, said Viktor Zhora, a leading figure in the country’s SSSCIP agency, with “in some cases, cyber-attacks supportive to kinetic effects”. Zhora’s statement came when he visited London’s National Cyber Security Centre (NCSC), where he and his Ukrainian colleagues discussed how to work together to tackle the Russian threat.

The British security minister, Tom Tugendhat, said the fight “against Russian barbarism goes beyond the battlefield” and terror inflicted on civilians. “There is the real and persistent threat of a Russian cyber attack on Ukraine’s critical infrastructure,” he said. However, almost a year into its war with Ukraine, Russia has had little success on the cyber battlefield.

In the coming months, Russia is expected to escalate its cyber operations as it continues to face major military setbacks in the conflict.

However, the Ukrainian government says that an increase in cyber activity is likely to have only a minor impact on the war, as Russian hacking operations are being met with stronger cyber counterattacks from Ukraine, with the support of its allies. The Ukrainian government has published a report on Russia’s cyber strategy during the war so far, which concluded that cyber attacks on Ukraine’s energy infrastructure last autumn were linked to its sustained bombing campaign. According to this report, Russia launched “powerful cyber-attacks to cause a maximum blackout” on 24 November, at the same time as waves of missile strikes were launched on Ukraine’s energy facilities.

The authors of the study have tracked the coordination of missile attacks on local governments and cyber attacks on community services, precise coordination of missile and cyber attacks on media and communication centers, and preparation and implementation of cyber attacks on supply chains that help the Ukraine war effort. “Russian war against Ukraine has many dimensions: conventional, economic, cyber, informational, and cultural. Only understanding these dimensions' interaction allows for assessing the aggressor state's actions adequately.”

“The world's first large-scale cyber war did not demonstrate new "types of weapons" in existing cyberspace. All attacks are carried out using previously known techniques. The attacks used by Russia have long been categorised and have straightforward solutions for counteraction,” says the Ukrainian report.

Enemy hackers carried out as many as 10 attacks a day against “critical infrastructure” during November, according to Ukraine’s domestic security agency, part of the wider effort to leave millions without power amid plunging temperatures. These cyber attacks were coordinated with Russian “information-psychological and propaganda operations”, with the aim to “shift responsibility for the consequences of power outages to Ukrainian state authorities, local governments or large Ukrainian businesses”.

The Russian hackers range from highly professional military groups and national security agencies to criminal gangs seeking to make money and pro-Russian “hacktivists”.

Ukraine appears to have had some success in tackling and containing Russian and pro-Russian hacking since before the start of the war, although Kyiv has been helped by substantial support from the west. The UK has provided a £6.35m package of support, helping with incident response and information sharing, plus hardware and software.

British sources say that Russian cyber attacks have targeted Russia’s near neighbours, most notably Poland and Lithuania, which have both reported an increase in attacks on government and strategic targets from the autumn. In late October, Poland’s senate was hit by a cyber-attack, a day after the country’s upper house had unanimously adopted a resolution describing the Russian government as a terrorist regime. Poland later blamed the pro-Russian group NoName057(16) for a Denial-of-Service attack aimed at shutting down its website.

Warsaw has also accused the pro-Russian Ghostwriter group, which is believed to operate from Belarus and has links to the Kremlin’s GRU military intelligence agency, of being engaged in a disinformation campaign aimed at trying to hack mail addresses and social media accounts of public figures in the country.

There remains a significant threat to British organisations from Russian cyber activity, although it has not obviously stepped up since the start of the war. Nor has there been any sign of Russian Wiper malware being targeted against British organisations, so far.

Russian intelligence collection is likely the greatest ongoing cyber risk to Ukraine. Russian hackers can make a significant impact if they can collect high-value intelligence that Moscow can effectively make use of.

The hackers might obtain real-time geolocation data that enable the assassination of President Zelenskyy or the timely and accurate targeting of Ukrainian forces, particularly those with high-value Western weapons systems.

The hackers could also conduct hack-and-leak operations revealing sensitive war information to the Ukrainian and Western public, such as Ukraine’s combat losses, internal schisms, or military doubts - or collect valuable information about Kyiv’s perceptions and intentions that can aid Moscow at future talks.

Sources: Ukraine Government, Ukraine Economic Security Council, Guardian, The Hill, NCSC, Carnegie Endowment
