For the first time ever, we are witnessing a real cyber war, Denys Tsvaig, the president of Ukraine’s national cybersecurity association, told Cybernews.
The war in Ukraine caused turmoil in the cyber realm, with many pro-Ukrainian and pro-Russian citizens worldwide joining various efforts to fight.
Hacktivism gained momentum soon after the invasion, causing collateral damage. Recently, the pro-Russian Killnet group made headlines after attacking Ukraine ally Lithuania’s websites in response to the Baltic country following EU sanctions.
Hacktivism aside, Ukraine and Russia have used cyber weapons to support their kinetic operations. For example, Russia resorted to disinformation before many major military strikes. In turn, Ukraine was allegedly able to cause some physical damage to Russian infrastructure using its IT resources, according to unverified reports.
Some say Russia’s cyber weapons are just as weak as its artillery. The State Service of Special Communications and Information Protection of Ukraine expressed hopes that Russia had exhausted its digital arsenal.
It might turn out to be only wishful thinking. The Department of Justice is bracing for the possibility of more cyberattacks from Russia, given that the Kremlin’s supporters target Ukraine and its allies.
“Russia was shocked by our cyberattacks, but now, they are better prepared,” Tsvaig told Cybernews. “There were numerous attacks on critical infrastructure objects, nuclear power plants, communication, and telecoms.”
In addition to leading the national cybersecurity association, Tsvaig is a Co-Founder of DeHealth, a web cloud platform and decentralized application for the healthcare industry that allows users to autonomously store their medical data.
“There were two wars. On the 24th of February, we were attacked by the Russians. Close to this date, we were attacked by our ex-advisor,” Tsvaig told me. “This person had to support our token in the market, but he took all the money and started killing the project. That was the citizen of Ukraine who did it together with a group of Russians.”
That caused additional stress for Tsvaig and his company, which was running its pilot project in Ukraine at the time.
Many organizations, including cybercrime gangs, used to be a blend of Ukrainian and Russian nationalities, but the war in Ukraine tore many of them apart. One of the most prominent examples is the pro-Russian ransomware gang Conti’s data leak. An insider sympathetic to Ukraine publicly released more than a year’s worth of private data belonging to the Conti gang.
What’s new in Ukraine?
"For the first time, we are all watching the first cyberwar, real cyberwar. And this is the war of the West and the East because many hackers, engineers, and ordinary people are on the Ukrainian side," Tsvaig said, referring to the Ukrainian IT army.
While the consolidation and unity of society might give Ukrainians some moments of joy, Russia is active on the cyber front, too, causing a lot of disruption and damage. While exercising its mastery in disinformation, it also attacks Ukraine’s telecoms, media organizations, and critical infrastructure to install malware, and reroutes internet traffic in occupied Ukraine to its own infrastructure, among other things.
"Russia was shocked by our cyberattacks, but now, I think, they are better prepared. And Eastern partners help them, and they fight back very well. They also attack us daily. Russia is very well prepared for cyber war," Tsvaig said.
In some cases, he claims, the country doesn't even need to put much effort into extracting information and causing disruption.
"They were very active before the war. There were lots of agents in the ranks of our governmental services. There were a lot of spies, and traitors, leaking the information from inside. Hackers didn't need to hack into anything. They just got access to all the data they needed without any obstacles," Tsvaig said.
While he refused to share any concrete information about those alleged spies, saying it is confidential, Tsvaig noted that, for example, Ukrainian healthcare information was transferred directly to Russia.
"There are dozens of cases that have already been investigated and solved, cases regarding treason and traitors," he said, adding that sharing too much information might hinder Ukraine's goal to keep its enemy ill-informed.
Key issues – infosecurity and disinformation
While Russia has honed its disinformation techniques over decades, if not ages, by censoring media and building troll factories, Tsvaig acknowledges that Ukraine disseminates "all sorts of information, too."
"The key problem of this war is the issue of information security and disinformation.[...] We also do. We disseminate all sorts of information. We are trying to break into the media in Russia to show the truth. We don't need to distort information. Russian citizens don't know what's happening. The information in Russia is distorted," he said.
Recently, pro-Ukrainian hackers penetrated the defenses of Russia's Ministry of Construction, Housing, and Utilities, editing the website to display a message supporting Ukraine.
Regarding information security, sometimes it doesn't even take a malicious insider to cause harm.
"There were instances when the person was neither a spy nor a traitor but an amateur working at the wrong place. Unfortunately, quality men power is scarce. This person provided access to information without knowing what he was doing," he said.
Tsvaig also recalled numerous seizures of bot infrastructure in Ukraine. For example, in March, Ukrainian officials said they had seized five bot farms since the invasion.
Ukraine's Security Service (SBU) said bot farms were set up by Russian special services to carry out large-scale misinformation operations to destabilize the internal situation in Ukraine.
The farms were found in Kharkiv, Cherkasy, Ternopil, and Zakarpattia. Threat actors set up and used over 100,000 fake social media accounts to spread disinformation about the full-scale Russian invasion of Ukraine to ignite “panic among Ukrainian citizens and destabilize the social and political situation in various regions.”