Skip to main content
banner image
venafi logo

Ukraine-Russia Cyber ‘Trench’ Warfare Intensifies

Ukraine-Russia Cyber ‘Trench’ Warfare Intensifies

April 20, 2022 | Brooke Crothers

Russia cyberattacks are playing out as slow but steady trench warfare rather than decisive, large-scale offensives while Ukraine continues to garner support from hacktivists, Western tech companies, and most recently ransomware gangs.


Are you facing a machine identity crisis? Find out how Venafi can help.
Russian offensive persists though not at scale expected

Last week, Ukrainian officials said they stopped an attack on high-voltage electrical substations with the help of cybersecurity firm ESET and Microsoft. While thwarting the attack, they discovered a new variant of the Industroyer malware, which was used in a 2016 Ukraine grid attack and is tied to a notorious hacking unit within Russia’s GRU military intelligence agency known as Sandworm.

This kind of attack is typical of the tactics used by Russia in the ongoing cyberwarfare between Ukraine and Russia, which the Wall Street Journal has described as trench warfare: “a grinding conflict of relentless, if sometimes unsophisticated attacks that have taken casualties but had limited impact on the course of the fight.”

And a report this week from Symantec underscores a trend in persistent yet relatively unsophisticated Russian attacks. The report cites the Russian Shuckworm Espionage Group, which is continuing to conduct an “intense” yet unsophisticated campaign against Ukraine.

“These attacks have continued unabated since the Russian invasion of the country. While the group’s tools and tactics are simple and sometimes crude, the frequency and persistence of its attacks mean that it remains one of the key cyber threats facing organizations in the region,” the report said.

Despite these ongoing attacks, the absence of a full-scale Russia cyber shock-and-awe campaign is what has surprised most observers to date.

The newest threat against Russia: ransomware gangs

Some of the most notable recent attacks against Russia have been by ransomware gangs.

Last month, established ransomware gang OldGremlin conducted two malicious email campaigns against Russia organizations, according to research from Group-IB.  The gang bombarded Russian companies with emails that exploited trending news topics, masquerading as representatives of a Russian financial organization, Group-IB said.

“Given the fact that many international providers of email security products suspended operations on the Russian market, the campaigns of OldGremlin and other threat actors that use email at the initial stage [of a ransomware attack] are likely to become more successful and frequent,” according to the report.

“We have reason to believe that the new campaigns may have infected a large number of companies and that in the coming months the attackers will slowly and carefully move through their infrastructure, bypassing existing security systems,” Group-IB said.

NB65, another notorious ransomware gang, has been actively conducting campaigns against Russia, including an attack on the state-owned television and radio broadcasting network, VGTRK, The Record reported.

In that attack, they reportedly stole 900,000 emails and 4,000 files.

“The group’s most sophisticated and recent attack happened in March when they used the leaked source code from the Conti Ransomware gang — a Russia-linked threat actor — to make unique ransomware for each Russian target,” The Record said.

Malwarebytes goes into further detail (here) how the ransomware works in recent iterations.

See Venafi’s March blog: In Ukraine Cyber War, No Large-Scale Russian Offensives (Yet) but Anti-Russian Hackers Active.

Related Posts

Like this blog? We think you will love this.
Featured Blog

U.S. Steps Up Cybersecurity Push: SEC Proposes New Rules While State Department Establishes Cyberspace Bureau

SEC Proposes new cybersecurity rules for p

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more