French firms are being falsely accused of aiding the Ukrainian war effort by pro-Russian hacktivists desperate to exaggerate their contribution to the cyber conflict, says an infosecurity company.
As well as accusing businesses who have nothing to do with the conflict, patriotic hackers have been rehashing previous ransom-related data leaks and trying to take credit for them in the name of the war effort – in a sign of an escalating war of disinformation between Ukraine and Russia.
The digital privacy firm Anozr Way released a study this week, which found that French firms had been caught in the crossfire of “an information war, or rather disinformation, by cyber activists who have multiplied claimed attacks, false or inflated.” And it warns that businesses based in other countries opposed to Russia could also find themselves in a similar position.
Alban Ondrejeck, Anozr Way’s co-founder and a former French intelligence officer, said: “We are engaged above all in a digital confrontation of cyber activists on both sides, where the real warhorse is disinformation. These hackers are using data relating to old attacks and trying to pass them off as new ones.”
Ondrejeck called on companies to be wary of any unverified communications they received from hackers or entities purporting to be such, and be ready “to identify tricks and unfounded accusations.”
Smoke and mirrors
On February 27, the pro-Russian hactivist group Stormous claimed responsibility for a cyber attack on Ukrainian aeronautics company Ivchenko Progress. According to the group, the firm had employed French nationals, commissioning them to manufacture jet engines for the Ukrainian military.
Stormous then released personal data purportedly belonging to these French workers, but an investigation by Anozr Way revealed that they in fact related to victims of a ransomware attack last year on an auto company by a different cybercriminal group, Grief – a breach unrelated to the cyberwar between Russia and Ukraine.
“Such claims imply that French nationals are siding with the Ukrainian defense industry,” said the report by Anozr Way. “This kind of operation is sustaining Russian propaganda – compromising Western businesses and portraying the EU and Europeans as scheming against Russia’s security interests.
“The war in Ukraine has reshuffled the cards in cyberspace, and incited hackers to declare allegiance to Russia or Ukraine. Hacktivists constitute the majority of noise that maintains the illusion of a cyberwar of scale. Falsified or exaggerated attacks are claimed by one or another of the camps.”
“Most are using Twitter or Telegram as channels of communication to give visibility to these claims. Many hackers who until now were isolated have been rallying to Ukraine or Russia, or symbolic groups like Anonymous to carry out ideologically motivated acts.”
Profit vs patriotism
Furthermore, the report added that many hacker groups were now torn between their allegiance – to either Russia or Ukraine – and their original motivation to seek profit from cyberattacks.
Ransomware gang Lockbit 2.0 has maintained a neutral stance since the outbreak of cyberwar – insisting its motivation remains purely financial and not political – while Conti has backtracked on its declaration of allegiance to Russia, after one of its members leaked data belonging to the group in reprisal for its support of the invasion.
“Since then, this group has favored a passive attitude and does not seem to have carried out any attack specifically related to the conflict, to preserve its economic activity,” said Anozr Way.
“Rather than the quality of attacks, it is their number that is most evident,” said Ondrejeck, adding that “hacktivists are publishing long lists of victims to create a smoke screen” that conceals the true effectiveness of such assaults.
“In time of war, these psychological operations are intended to demoralize the enemy and boost the morale of allies,” he added. “The cyberwar is still far from effective and rests for now on an information war.”
But Ondrejeck warned that this could change, with an upsurge in hostilities causing cyberattacks to become much more virulent.
“It is essential to remain vigilant and anticipate a potential, more devastating, second phase of the cyberconflict against those states who have declared their opposition to Russia,” he said.
More from Cybernews:
Subscribe to our newsletter