In Ukraine Cyber War, No Large-Scale Russian Offensives (Yet) but Anti-Russian Hackers Active

March 4, 2022 | Brooke Crothers

In 2015, a Russian cyberattack took down the power grid serving 230,000 Ukrainians, one of the first successful cyberattacks on an energy company. And in 2017, the NotPetya “wiper” virus, aimed at companies doing business in Ukraine, caused more than $10 billion of damage globally. The West assigned most of the blame to the GRU, Russia's military intelligence service. But this time, reports of large-scale electric grid shutdowns, attacks on industry, or communications jamming have not surfaced.


While no one is ruling out a large-scale cyberattack on Ukraine, the attacks reported by the media to date have been mostly anti-Russian hacker activity and smaller-scale attacks against the Ukrainian government attributed to Russia.

But this isn’t necessarily because larger attacks aren’t happening.

“This is the first week. Fog of war is real; there are all kinds of things being missed,” said John Hultquist, VP, Mandiant Threat Intelligence, in a tweet (via the Washington Post).

Others say it may be a matter of when, not if. “Russia thought they could win quickly and with low damage to civilian populations, helping post-war governance objectives. Restrained cyber was consistent with that,” said Swarthmore University political science professor Sam Handlin in a tweet.

“Now the war is changing. Whether cyber component also changes seems like an open question to me,” he added.

Attacks attributed to Russia

Cyberattacks against Ukrainian government websites and affiliated organizations include:

  • Data-wiping malware that “infected hundreds of computers” including those in neighboring Latvia and Lithuania.
  • A distributed-denial-of-service (DDoS) attack that temporarily knocked government websites offline accompanied by sporadic outages.

But these kinds of attacks are ongoing and standard operating procedure for Russia. What has been most surprising is the absence of major offensives.

“Many people are quite surprised that there isn’t significant integration of cyberattacks into the overall campaign that Russia is undertaking in Ukraine,” Shane Huntley, the director of Google’s threat analysis group, told the New York Times. “This is mostly business as normal as to the levels of Russian targeting.”

Anti-Russian activity

Hacker groups are garnering most of the media attention and picking sides in the wake of the Russian invasion of Ukraine.

Hacktivists tend to be ostentatious, which isn’t always to their advantage, a Wired report said.

“Hacktivism by its very nature is always loud, and intelligence by its nature is usually quiet,” former NSA hacker Jake Williams told Wired. “Well-meaning hacktivists being loud may unwittingly lead security forces to an intelligence operation that may have been ongoing in that network and flying under the radar. So they're essentially outed and lose access because of an investigation into a hacktivist attack,” Williams said.

Hacktivist activity includes:

  • DDoS attacks against Russian sites: Major Russian websites were hit by a denial-of-service attack. Sites for Russia’s military and the Kremlin “were unreachable or slow to load as a result.”
  • Hackers hit Russian space institute: Hackers “defaced a Russian Space Research Institute website and leaked files that they allege are stolen from Roscosmos, the Russian space agency,” according to Wired. “Meanwhile a DDoS attack pummeled Russia's .ru top level domain with the aim of essentially cutting off access to all URLs that end in .ru,” the report said.
  • Russia-affiliated Conti ransomware group impacted: Meanwhile, the Conti and CoomingProject groups (the latter another group sympathetic to Russia) have reportedly seen massive leaks of their internal messages. “Conti seemed to be dismantling its infrastructure, evidence of the impacts hacktivism can have,” BleepingComputer said.
  • Raidforums takes anti-Russia stance: Raidforums, a notorious hacking forum, has been posting messages claiming that it would impose its own sanctions by banning any user connecting from Russia.
  • Hacktivist collective Anonymous (boasting 7.4 million Twitter followers) said “it's open season on all Russian government servers,” in a tweet.
  • U.S. private sector takes action: Before the start of military action, Microsoft stepped up to help the Ukrainian government. “Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure. We immediately advised the Ukrainian government about the situation,” Microsoft’s president Brad Smith said. That warning to the Ukrainian government included identification of a new malware package, which Microsoft calls FoxBlade. “Within three hours of this discovery, signatures to detect this new exploit had been written and added to our Defender anti-malware service,” Microsoft said, adding that “this work is ongoing.”
