Russia’s unprovoked war in Ukraine has intensified on all fronts. As Ukraine confronts the tip of the Russian spear on the ground, in the air, and in the Black Sea, it is also combating Russia in cyberspace. With kinetic conflict breaking out across Ukraine, many expected significant cyber-attacks to coincide with, or even precede, the initial invasion. So far, however, no reports of major, infrastructure-crippling attacks have surfaced. But this does not mean that the cyber front has been quiet.
Cyber warriors, from the run-of-the-mill “hacktivist” to government agencies, have been involved in the Ukraine crisis since the beginning. Before the invasion had fully begun, Russian hackers reportedly carried out a narrow deployment of HermeticWiper, a data-destroying malware, likely in an effort to hobble Ukrainian law enforcement, telecommunications, state websites, and social organization. The damage caused by this campaign was significant, but a far cry from the shock-and-awe style attacks many were expecting to accompany the initial surge of Russian troops across the border. The true reason for this remains unknown. Perhaps Vladimir Putin’s initial attack plans were foiled by the Biden administration’s intelligence leaks, or perhaps, as Pentagon press secretary John Kirby suggested on Wednesday, Ukraine has been aided by U.S. cyber prowess.
Sen. Mark Warner (D-VA) posited, “It may be that Putin and the Russian forces were just so overconfident that they could roll over the Ukrainians, they want to hold those tools in reserve. You don’t want to show your best stuff unless you need your best stuff.” It is possible that Russia’s “A-Team,” Warner said, is being reserved for further escalation scenarios, should they transpire.
Instead, Ukraine was dealt a slew of Distributed Denial of Service (DDoS) attacks that hampered internet connectivity in certain localities, and disrupted banking and other online platforms, though only temporarily. The White House later publicly attributed these attacks to Russian intelligence, though disruptions of this middling caliber are more often the work of lower-level cyber actors.
Ukraine’s cyber defenders seemed somewhat prepared for the initial volley of DDoS attacks. By switching traffic to other network providers, Kyiv has proven to be quite resilient to these hits. Other outages that rolled through parts of Ukraine that saw the most carnage in recent days likely have more to do with the destruction of infrastructure, population displacement, and trading control of energy stations than cyber attacks.
Indeed, it is not just governments in the cyber melee in Ukraine. The Kremlin has effectively deputized the Conti ransomware gang, and Belarusian hackers have reportedly conducted a spear-phishing campaign against Ukrainian military targets. Not to be outdone, Kyiv has called upon its native hacker underground to defend the country’s critical infrastructure and spy on Russian troops. The vice prime minister and minister of digital transformation of Ukraine, Mykhailo Fedorov, has gone so far as to create a Telegram channel advertising jobs to anyone, Ukrainian or foreign, to join the fight on Ukraine’s side. The ad, repeated in English for Ukrainian-sympathetic hackers, encourages the use of “any vectors of cyber or DDoS attacks” to compromise Russian businesses, banks, resource extraction entities such as Gazprom, and even the Russian state websites themselves. These efforts have reportedly met with some success, knocking out the Kremlin website and hacking TV channels to play Ukrainian songs.
Even the infamous Anonymous “hacktivist” collective has joined the fray, declaring it is “officially in cyber war against the Russian government.” The group claims to have breached the Belarusian weapons manufacturer Tetraedr, and leaked 200 gigabytes of emails, in retaliation for assisting with the logistical support for Putin’s forces. Further, it claims to have hacked Russian broadcast TV networks and played explicit footage from the front lines, in order to break the Russian media blackout of the campaign’s shortcomings.
The blurring of state and non-state cyber conflict is not a new phenomenon, but government spokespeople publicly encouraging citizen hackers to join the cause of their respective countries in their individual capacities signals an evolution, and indeed escalation, of cyber conflict on multiple levels, that may deserve the title of true cyberwar.
Closer to the top rungs of cyber conflict, there is little doubt the official state cyber teams are watching closely and acting as they see fit. Putin has instructed his critical infrastructure operators to be on the lookout for “computer attacks.” The Biden administration issued a similar warning to its domestic companies, especially the defense industry. For now, it seems as though the two cyber powerhouses have yet to come to blows directly, in all likelihood fearing an escalation spiral. Nevertheless, President Joe Biden warned Putin against pursuing cyberattacks against U.S. companies and critical infrastructure. The White House has been tight-lipped about its internal discussions of offensive cyber maneuvers.
One thing seems certain—after an embarrassing start to the campaign, Putin will be escalating his efforts to take Kyiv by whatever means necessary. As citizens prepare by manufacturing Molotov cocktails and collecting government-issued rifles, the Ministry of the Interior has urged citizens to turn off the geolocation features on their mobile devices for fear of Russian cyberspies tracking gatherings of would-be urban fighters.
Aaron Crimmins, Esq. is a cyber strategy and governance consultant and writer based in San Diego, California. He tweets @00crims.