Ukraine’s Security Agency Says Russian Cyber Attacks Are Increasing

Uploaded on 2023-01-26 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE--Europe, GOVERNMENT-Defence, FREE TO VIEW

Over the past year there has been a threefold increase in Russian cyber-attacks against Ukraine, with Russian hacking used together with missile strikes, according to a manager in Ukraine’s cyber security agency.

The attacks from Russia have often taken the form of destructive malware, said Viktor Zhora, a leading figure in the country’s SSSCIP agency, with “in some cases, cyber-attacks supportive to kinetic effects”. Zhora’s statement came when he visited London’s National Cyber Security Centre (NCSC), where he and his Ukrainian colleagues discussed how to work together to tackle the Russian threat.

The British security minister, Tom Tugendhat, said the fight “against Russian barbarism goes beyond the battlefield” and terror inflicted on civilians. “There is the real and persistent threat of a Russian cyber attack on Ukraine’s critical infrastructure,” he said. However, almost a year into its war with Ukraine, Russia has had little success on the cyber battlefield.

In the coming months, Russia is expected to escalate its cyber operations as it continues to face major military setbacks in the conflict.

However, the Ukrainian government is saying that an increase in cyber activity is likely to have only a minor impact in the war as Russian hacking operations are being met with stronger cyber counterattacks from Ukraine, with the support of its allies. The Ukraine government has published a report concerning Russia’s cyber strategy during the war so far, which concluded that cyber attacks on Ukraine’s energy infrastructure last autumn were linked to its sustained bombing campaign. According to this report, Russia launched “powerful cyber-attacks to cause a maximum blackout” on 24 November, at the same time as waves of missile strikes were launched on Ukraine’s energy facilities. 

The authors of the study have tracked the coordination of missile attacks on local governments and cyber attacks on community services, precise coordination of missile and cyber attacks on media and communication centers, and preparation and implementation of cyber attacks on supply chains that help the Ukraine war effort. “Russian war against Ukraine has many dimensions: conventional, economic, cyber, informational, and cultural. Only understanding these dimensions' interaction allows for assessing the aggressor state's actions adequately."

“The world's first large-scale cyber war did not demonstrate new "types of weapons" in existing cyberspace. All attacks are carried out using previously known techniques. The attacks used by Russia have long been categorised and have straightforward solutions for counteraction,” says the Ukrainian report.

Enemy hackers carried out as many as 10 attacks a day against “critical infrastructure” during November, according to Ukraine’s domestic security agency, part of the wider effort to leave millions without power amid plunging temperatures. These cyber attacks were coordinated with Russian “information-psychological and propaganda operations”, with the aim to “shift responsibility for the consequences of power outages to Ukrainian state authorities, local governments or large Ukrainian businesses”.

The Russian hackers range from highly professional military groups and national security agencies, along with criminal gangs, seeking to make money, as well as pro-Russian “hacktivists”.

Ukraine appears to have had some success in tackling and containing Russian and pro-Russian hacking since before the start of the war, although Kyiv has been helped by substantial support from the west. The UK has provided a £6.35m package of support, helping with incident response and information sharing, plus hardware and software.

British sources say that Russian cyber attacks have targeted Russia’s near neighbours, most notably Poland and Lithuania which have both reported an increase in attacks on government and strategic targets from the autumn. In late October, Poland’s senate was hit by a cyber-attack, a day after the country’s upper house had unanimously adopted a resolution describing the Russian government as a terrorist regime. Poland later blamed the pro-Russian group NoName057(16) for a Denial-of-Service attack aimed at shutting down its website.

Warsaw has also accused the pro-Russian Ghostwriter group, which is believes to operates from Belarus and has links to the Kremlin’s GRU military intelligence agency, of being engaged in a disinformation campaign aimed at trying to hack mail addresses and social media accounts of public figures in the country.

There remains a significant threat to British organisations from the Russian cyber activity, although it has not obviously stepped up since the start of the war. Nor has there been any sign of Russian Wiper malware being targeted against British organisations, so far.

Russian intelligence collection is likely the greatest ongoing cyber risk to Ukraine. Russian hackers can make a significant impact if they can collect high value intelligence that Moscow can  effectively make use of. 

The hackers might obtain real-time geolocation data that enable the assassination of President Zelenskyy or the timely and accurate targeting of Ukrainian forces, particularly those with high-value Western weapons systems

The hackers could also conduct hack-and-leak operations revealing sensitive war information to the Ukrainian and Western public, such as Ukraine’s combat losses, internal schisms, or military doubts - or collect valuable information about Kyiv’s perceptions and intentions that can aid Moscow at future talks.

Ukraine Governent:     Ukraine Government:   Ukraine Economic Security Council:     Guardian:   

The Hill:      NCSC:     Carnegie Endowment:  

You Might Also Read: 

British Spy Chief Says War In Ukraine Is Changing Intelligence Gathering:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Will The Insider Threat Intensify During The Recession?
Bridging The Detection & Response Gap »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Dataglobal

Dataglobal

Dataglobal is an industry-leading provider of Information Archiving/Governance and Unified Data Classification solutions.

ENLIGHTENi

ENLIGHTENi

ENLIGHTENi are the platform to develop next-gen talent in Technology, Risk, and Cybersecurity. Our mission is to develop next-gen talent through challenge-based learning and team collaboration.

Dice

Dice

Dice is a leading recruitment platform, helping technology professionals manage their careers and employers connect with highly skilled tech talent in specialist areas including cybersecurity.

Hubraum

Hubraum

Hubraum is Deutsche Telekom’s tech incubator, helping startups to create new business opportunities in areas including data analytics, AI, robot process automation and cyber security.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

doIT Solutions

doIT Solutions

doIT solutions specialize in IT security and infrastructure, security automation, data center, and cybersecurity.

SolidRun

SolidRun

SolidRun is a leading provider of computing and network technology designed to streamline the deployment of edge computing infrastructure and support embedded and IoT markets.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

ExchangeDefender

ExchangeDefender

ExchangeDefender provides cybersecurity services that secures your company email and data, and guarantees 24/7 email access.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

Nerds On Site

Nerds On Site

Nerds On Site provide on-site & in-home IT and technical support, managed IT services, and cyber security through our collaborative team of highly-trained IT and Security professionals.

Cyber Security Global

Cyber Security Global

Cyber Security Global is a leader in electronic security, consultancy, technology, cybersecurity solutions, training, and specialized products.

Fairly AI

Fairly AI

Fairly AI is on a mission to democratize safe, secure, and compliant AI across the enterprise.

Hack-X Security

Hack-X Security

Hack-X Security provide IT risk assessment and Digital Security Services. We are a trusted standard for businesses that must protect their data from cyber-attacks.