In Ukraine, Russia Has More Cyber Tricks Up Its Sleeve

February 21, 2022 | Topic: Ukraine Crisis | Region: Europe | Blog Brand: Techland | Tags: Cyber Attacks, Russia, Crimea, Ukraine, BlackEnergy, Malware, Cyberwar

As the Russian offense plays with new strategies and tools, Ukraine’s cyber defenders must always be vigilant.

Ukraine and Russia seemed to have a shared destiny. For decades the two nations have been entwined across myriad realms, while locked in constant struggle over identity. Once a primary Soviet Republic, Ukraine now feels the gravitational pull from two directions: in the East, its past comrades in Moscow, and in the West, its potential future compatriots in Western Europe. Ukraine is positioned on the front line in the ongoing contest of realities between the Russian Federation and NATO, and every day the friction between these societal tectonic plates grinds hotter.

As the military and diplomatic situation on Ukraine’s borders deteriorates before our eyes, we must watch these fields in collaboration with the unseen cyber field. Modern conflicts present many facets, and in the Ukraine-Russia conflict, cyber conflict features quite prominently.

Russia has for years honed its cyber skills against its smaller neighbors, treating them as cyber-training grounds. To test their prowess against world-class adversaries from the jump would be foolish and likely lead to reprisals the Russian cyber and intelligence communities may not be ready for. Instead, while troops remain in the barracks, the Russian intelligence community engages on an invisible battleground without clear borders. As far back as 2005, malware such as Turla, or Ouroboros, has plagued Eastern Europe. From there, the infamous trojan has made its rounds through Western cyberspace as well. Ukraine saw cyber meddling—widely agreed to be Russian in origin—again come to a head in 2013, when, according to Ukrainian intelligence, the Russian Federal Security Service (FSB) engaged in a “spearphishing” campaign against the Ukrainian government and law enforcement in retaliation for Ukraine participating in pro-EU talks. In 2014, for similar reasons, a multi-pronged attack hit Ukraine’s election infrastructure, reportedly due to potential pro-EU election outcomes. During the Russian invasion and annexation of Crimea, the Russians jammed communications and even damaged the physical connections that carry information from location to location in physical space. The following year, cyber aggression from the east again ratcheted up, with the now infamous BlackEnergy helping to cause rolling blackouts across Ukraine and Poland. The very next year, once again, Ukraine’s power grid was struck, resulting in similar damage. Throughout 2017, Ukraine fell victim to various strains of Petya and NotPetya, both widespread botnet attacks.

In the nearly two decades prior to the current upheaval in Ukraine, the embattled Eastern European country has endured a constant barrage in cyberspace. Ukrainian government cyber experts have had to mount a valiant defense on the front line, facing new and evolving Russian cyber campaigns. As the Russian offense plays with new strategies and tools, Ukraine’s cyber defenders must always be vigilant. In the Donbass region, contested since the incursions of 2014, Russian-aligned separatists have created a malware playground, attracting cyber actors from all over the world to test their skills. From there, there is little stopping malware from wreaking havoc elsewhere in Ukraine and the globe.

All of this has created a perfect storm for Ukraine in 2022. Cyberspace actors from all over the world have converged in the Russian sandbox, raising the stakes and the threat level in the current conflict. Indeed, Ukraine has already begun to suffer renewed, albeit modest, attacks on its banking system, seemingly designed to encourage fear and financial instability. Although these attacks remain modest for now, the Russian cyberwar machine has many other tricks up its sleeve, many designed and tailored specifically for Ukraine, after decades of practice. Were this cold conflict to heat up, and Ukraine resist Russian demands, it seems overwhelmingly likely the Ukrainian cyber defenders will be once again put to the test.

The United States and NATO’s assistance to Ukraine may put those countries in the crosshairs as well. The United States and other NATO countries have sent diplomatic entourages to Eastern Europe many times in previous weeks to sue for peace on behalf of Ukraine and greater Europe. Russian kinetic aggression may be limited to Ukraine and Eastern Europe, but without clear borders and blockages to limit their scope, the current Russian-Ukrainian conflict may spill over, threatening further escalation with NATO and other powers.

Aaron Crimmins, Esq. is a cyber strategy and governance consultant and writer based in San Diego, California. He tweets @00crims.
