Key highlights of Russia’s cyber aggression against Ukraine: has Russia exhausted its digital arsenal?

Updated on: 15 November 2023

Anna Zhadan
Contributor

Having witnessed a variety of cyberattacks on Ukraine’s critical infrastructure, banks, and electricity networks, many begin to wonder: are we seeing the maximum of what Russia is capable of?

The State Service of Special Communications and Information Protection of Ukraine (also known as the Derzhspetszviazok) released a report detailing key lessons learned over the course of Russia’s cyber aggression since May 9th.

Based on the findings, Russia has likely reached the maximum of but has not exhausted its cyber potential. The SSSCIP has noted that the number of cyberattacks has consistently risen around the time of holidays in Ukraine.

However, the cyber intensity did not increase on the Day of Remembrance and Reconciliation for the WWII Victims (May 8) and Victory Day (May 9). Such a stable pressure level might signal that Russia is simply not currently able to increase its cyber aggression – both with the help of military hackers and cyber terrorists.

“Russia is using all its capacities and cyberattack methods available to it. We know their potential. Due to our successful resistance, we have demonstrated the level of threat Russian hackers pose to the whole world. It is high indeed because at least their military hackers are dangerous and highly qualified. But it is measurable. Plus, we already know how to resist it,” said the SSSCIP Head Yurii Shchyhol.

Despite that, the number of attacks is not projected to decrease. Russia continues to target public authorities, telecom, and critical infrastructure. A few days ago, a pro-Russian hacker group Killnet announced that it will attack the US, the UK, Germany, Italy, Latvia, Romania, Lithuania, Estonia, Poland, and Ukraine because of their support for 'Nazis' and 'Russophobes,' as it claims.

On May 9th, Russia-affiliated hackers landed a massive DDoS attack on Ukrainian leading telecom operators’ websites in a possible attempt to disrupt Internet access. Future attacks of the same nature might be of limited success as more Starlink terminals get delivered to Ukraine, with over 150,000 daily users now relying on the service to stay online during the war.

“Russian army attempts to destroy Ukrainian telecommunications to ensure its security in the areas temporarily under occupation. While doing so, they also try to conduct ‘ground’ operations, such as re-routing online traffic to their own networks to be able to filter it,” the report explains.

Such attempts of coordinated cyber aggression with military goals are reflected in other recent incidents. As such, Russian cybercriminals were directed to attack the Odesa City Council website during a missile attack on Odesa residential areas.

In a separate report, Microsoft also noted such a correlation:

“A timeline of military strikes and cyber intrusions shows several examples of computer network operations and military operations seeming to work in tandem against a shared target set, though it is unclear if there is coordination, centralized tasking or merely a common set of understood priorities driving the correlation.”