How cyberwarfare is playing out in Ukraine


For almost three months since Russia first set foot on Ukrainian soil as part of its latest invasion into the country, there have been significant battles on the ground. Ukrainian forces have managed to repel the Russian invaders from many of the country’s cities through hard-fought gains – but a parallel war is going on online.

We have seen huge amounts of IT skirmishes between Russia and Ukraine taking place online, with each country vying for supremacy over the other. Russia has tried to knock many of Ukraine’s key elements of infrastructure, including banks, electricity networks, and other online or connected services offline, though Ukraine has managed largely to repel the attacks.

Monitoring by Microsoft over the course of the last two months has shown the scale of the cyberwar. Six separate nation-state actors connected to Russia have carried out at least 237 operations against Ukraine since the start of the war, according to Microsoft. And that’s just the beginning. “Given Russian threat actors have been mirroring and augmenting military actions, we believe cyberattacks will continue to escalate as the conflict rages,” said Tom Burt, Microsoft’s vice president for customer security.

ADVERTISEMENT

Destruction, but not death

Around 40 of the operations launched by those six separate actors linked to Russia were destructive attacks, the goal of which was to permanently destroy or delete files contained within hundreds of systems. The victims involved in the cyber campaign cover dozens of organizations across Ukraine. More concerningly, four in 10 of them were targeted towards critical infrastructure, which if it went offline could cause “negative second-order effects” on the government, military, economy, and population, Microsoft said.

What’s more, Microsoft admitted that it couldn’t tell if this was the whole aspect of cyberwar. Its visibility was limited by various technical issues, and the company acknowledged that there could be operations launched by Russia that they didn’t see.

There’s also the potential that the conflict could spill out beyond Ukraine’s borders. Similar issues occurred with malware targeted at Ukraine in prior years, including NotPetya, which ended up taking vast volumes of IT infrastructure offline in countries around the world in 2017. “Russian nation-state threat actors may be tasked to expand their destructive actions outside of Ukraine to retaliate against those countries that decide to provide more military assistance to Ukraine and take more punitive measures against the Russian government in response to the continued aggression,” Burt added.

Recently, a pro-Russian hacker group Killnet has announced that it will attack the US, the UK, Germany, Italy, Latvia, Romania, Lithuania, Estonia, Poland, and Ukraine, hence mirroring the previous concerns.

Ukraine’s attempts to nobble Russia

At the same time, Ukraine has been stridently defending its territory in cyberspace. As well as repelling Russian attacks, Ukraine has been more than willing to try and attack Russia, disrupting their own infrastructure, particularly focused on the transport and delivery routes that would be used to supply and support the troops engaged in activity on the ground.

For instance, Ukrainian cyber forces that have volunteered to support the country have been targeting Russian railway networks, stopping them from delivering vital supplies to frontline troops. Ukrainian businessman and cybersecurity expert Yegor Aushev told Reuters that “the goal is to make it impossible to bring these weapons to our country.” Russia uses similar tools, Maggie Smith, assistant professor of public policy at the United States’ Military Academy West Point wrote: “Strategically, Russian cyber operations are designed to undermine the Ukrainian government and private sector organizations. Tactically, the operations aim to influence, scare and subdue the population.”

ADVERTISEMENT

Cyberwar has been a key component of the battle going on between Russia and Ukraine and is almost uniquely intertwined with the physical and kinetic war space in this conflict. Rather than seeing cyber and physical war as two separate spaces, both sides have sought to impress their advantage and augment physical attacks with contemporary cyberattacks. That’s best seen in the example of one day early on in the conflict when Russian hackers launched an attack against a significant Ukrainian media broadcaster – just as the Russian military announced its intention to destroy Ukrainian 'disinformation' targets and directed a missile strike against a TV tower in Kyiv. It’s an indication of how integral cyberwarfare has become to the modern military – and why we need to be aware of what’s next.