As tensions between Russia and Ukraine continue to simmer, the websites of Ukraine’s Defence Ministry and the army, as well as the interfaces of two major banks, were hit by cyber-attacks on Tuesday, 15 February.
Top Ukrainian government officials, including the deputy prime minister, have described the cyberattacks as the largest assault of its kind in the country and one “which bore traces of foreign intelligence services”.
As Russian troops, estimated to be around 1,50,000, have gathered around Ukraine’s borders, provoking fears of an impending military invasion, Kiev finds itself battling destabilising cyber-attacks.
This is not the first cyber attack of its kind aimed at debilitating Ukrainian infrastructure and, expectedly so, all fingers have pointed to Russia. The Kremlin, however, has denied any involvement.
While such attacks are notorious for the difficulties involved in attribution, state and non-state actors in Russia have been the main accused behind a string of serious attacks on Ukrainian infrastructure since 2014. The infamous NotPetya attack in 2017 was the largest of its kind globally and resulted in losses of over USD1 billion.
Cyber Attacks on Ukraine in 2022: What is Happening?
Ukraine has suffered several cyber attacks on government and non-government websites since January. On 14 January, as reported by the New York Times, Ukraine’s communication intelligence service indicated that “as many as 70 central and regional authority websites were targeted.”
“Hackers brought down dozens of Ukrainian government websites,” posting messages that read: “Be afraid and expect the worst.” The message taunted its intended audience more specifically, “Ukrainians! All your personal data...have been deleted and are impossible to restore”.
Such offensives have run parallel to the escalating tensions along the border and are ostensibly aimed at inducing fear, destabilising infrastructure and keeping the pot boiling without letting it spill into actual conflict.
The attacks have primarily been of two kinds: defacement of government websites and DDoS (distributed denial-of-service) attacks, during which hackers flood the servers hosting a website until it becomes overloaded and shuts down.
On 15 January, Microsoft released information about another kind of activity, specifically the appearance of malware called “WhisperGate” on the systems of government agencies. US-based cybersecurity journalist Kim Zetter reported that “dozens of systems at two government agencies in Ukraine were wiped with a destructive tool that Ukraine now believes was part of a coordinated attack last week against systems in Ukraine, an official says.”
According to Zetter, the tool, called WhisperGate, wiped seven workstations at one government agency in Ukraine and wiped a combination of workstations and servers at the second agency.
15 Feb Cyber-Attacks: Part of the Pattern?
Interpreting the meaning and import of cyber operations is often a highly complex endeavour. The latest series of cyber offensives against Ukraine’s defence websites and banks on 15 February came amidst western media reports of a Russian invasion happening as early as 16 February.
The websites and banks targeted on 15 February were hit with distributed denial-of-service (DDoS) attacks similar to the ones seen in January, albeit on a larger scale.
According to Ilya Vityuk, the Head of the Ukrainian Intelligence Agency’s Cyber Security Department, all signs point towards Russia, as such attacks are usually “perpetrated by countries” as they need advanced infrastructure.
“We know today that, unfortunately, the only country that is interested in such strikes on our country, especially against the background of mass panic over a possible military invasion is, unfortunately, the Russian Federation,” Vityuk said during the news conference.
He added that the attack likely cost “millions of dollars” to execute, far beyond the capabilities of individual hackers or groups.
2014-2022: Cyber Attacks as Part of Russia’s War with Ukraine
The current attacks make more sense when viewed through the lens of Russia’s cyber offensives in its protracted war against Ukraine since 2014. Moscow has been accused of a string of attacks over the last eight years, including brief power outages in Ukraine in 2015 and 2016.
According to a US Government indictment, Russian hackers from GRU Intelligence were behind the cyber attacks that took down the country’s power grids. While the attack in 2015 affected an estimated 2.25 lakh people in Ukraine, the one in 2016 knocked out one-fifth of the capital Kiev’s power supply.
June 2017, however, witnessed the most serious attack of its kind in the world in the form of the NotPetya malware attack. It wreaked havoc on systems in Ukraine as well as the US and other western countries, causing billions of dollars in financial damages.
Members of Russia’s Unit 74455, according to the US Department of Justice, were accused of being behind the NotPetya malware attack. The malware initially targeted Ukraine’s financial, energy and government sectors but spread indiscriminately, causing severe financial damage.
Given the history of attacks, Ukraine says it is better prepared to handle such attacks, which, it says, are originating in Russia. Ukraine’s intelligence agency, the SBU, said on 16 February it had neutralised “more than 2,200 cyber-attacks on state authorities and critical infrastructure in Ukraine” last year.
Given the escalating seriousness of these operations, in December 2021, the New York Times reported that Russia was “stepping up” its cyber intrusions into Ukrainian infrastructure, prompting the United States and the United Kingdom to send “cyberwarfare experts” to assist Ukraine.
Do Cyber Attacks Mean War?
During Russia’s 2008 invasion of Georgia, government websites were forced offline by attacks from Russia. When it seized and annexed Crimea from Ukraine in 2014, Russia was accused of launching an assortment of cyber-attacks to destabilise communications and spread confusion whilst troops overran the region, including the ones in 2015, 2016 and the NotPetya attacks in 2017.
According to a New York Times report, Pavlo Kukhta, an adviser to Ukraine’s energy minister, said in an interview that the hackers were possibly preparing for a larger attack, which could target the country’s “vulnerable” power grid. “The goal is quite simple: to sow panic, show what they are capable of, test the systems and see if they are vulnerable,” he said. “They are poking around and looking for weaknesses.”
While the current events are consistent with the accusations Russia has faced in the past, this is also different. It is yet to be determined, and difficult to determine, whether these attacks have indeed emanated from Russia. If so, are these by state or non-state actors? As in the case of Georgia in 2008 and in other instances, this could be the work of patriotic Russian hackers, who appear to have the blessings of the Kremlin.
At the moment, the attacks have been only in the form of defacement and DDoS attacks. If history is any indication, this could escalate with or without parallel use of kinetic force.
(Sushovan Sircar is an independent journalist who reports on technology and cyber policy developments. His reports explore stories at the intersection of internet and society, covering issues of privacy, surveillance, cybersecurity, India’s data regime, social media and emerging technologies. He tweets @Maha_Shoonya. This is an opinion piece, and the views expressed are the author’s own. The Quint neither endorses nor is responsible for them.)