Russia's Invasion of Ukraine Mirrored in Cyberspace


By: Mary Jander

As Russia’s attack on Ukraine escalates, another theatre of war is widening in cyberspace. Even before Putin’s military invasion last week, Ukraine’s digital assets were under fire.

“Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure,” stated Brad Smith, president and vice-chair of Microsoft (Nasdaq: MSFT) in a blog post on February 28.

While Russian cyberattacks on Ukraine are nothing new, the latest cyber forays have included deadly, targeted attacks. “[W]e remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets,” said Smith, “including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises.”

“False Flag” Warnings

Microsoft isn’t alone in calling out Russian hackers. The Russian invasion of Ukraine prompted a flurry of blogs and online postings from cybersecurity companies such as Fortinet (Nasdaq: FTNT), Palo Alto Networks (Nasdaq: PANW), and Check Point Software Technologies (Nasdaq: CHKP), which announced it had detected an increase of 196% in cyberattacks against Ukraine’s government and military sectors during the first three days of combat. Cyberattacks on Russian targets increased 4%, Check Point said.

Each company weighing in on the situation cited a series of new and frightening dangers afoot on the web. There’s been an increase in disinformation. Online solicitations for funds to “support Ukraine” are masking phishing operations. “We are for sure, without any hesitation, starting to see false-flag operations appear,” Jim Guinn, global cybersecurity lead for industry, strategy and consulting at Accenture (NYSE: CAN) told Bloomberg.

Taking Up Cyber Arms

To battle Russian aggression, Ukraine officials have marshalled their own technological defenses. “We are creating an IT army,” tweeted Ukraine’s Vice Prime Minister Mykhailo Fedorov. "There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists." The message featured a list of 31 Russian business and government websites – prime targets in the cyber fight.

Reportedly joining the offensive against Russian invaders is Anonymous, the international hacktivist group. Tweets declaring “cyber war against the Russian government” were followed by reports of distributed denial of service (DDoS) attacks on Russian government sites and the Russia Today news service, which is supported by the government. Still, observers warn that attacks attributed to Anonymous may not all be legit.

“It can be difficult to directly tie this activity to Anonymous, as targeted entities will likely be reluctant to publish related technical data,” Jamie Collier, senior threat intelligence advisor at cybersecurity firm Mandiant told The Guardian newspaper. “However, the Anonymous collective has a track record of conducting this sort of activity and it is very much in line with their capabilities.”

Dangers At Home Too

The invasion of Ukraine has heightened awareness that under the cloak of anonymity, hackers of all kinds are carrying their cyber weaponry beyond Eastern Europe. “Adversaries of our nation are constantly working to find and exploit our vulnerabilities. We MUST exercise good cybersecurity habits at work and at home to protect the Department of Defense (DoD) against cyberattacks,” stated Vice Admiral Jeffrey Trussler, deputy chief of naval operations for information warfare, in a memo to naval personnel.

Trussler cited the risks observed in cyberspace, including falling for hackers “[p]osing as fellow service members, patriotic military supporters, and veterans to dupe you into revealing sensitive and sometimes classified information or inadvertently download malware.”

More Action Called For

Russia’s invasion of Ukraine has tech workers of Ukrainian heritage demanding not just defensive hacking but action from big content firms, including Amazon (Nasdaq: AMZN), Alphabet’s Google (Nasdaq: GOOGL), and Cloudflare (NYSE: NET) to eliminate disinformation and cut off any online resources that could be used by Russia against Ukraine. "Companies should try to isolate Russia as much as possible, as soon as possible," Ukrainian American Olexiy Oryeshko, a staff software engineer at Google, told Reuters. "Sanctions are not enough."

As the Russian invasion continues its horrifying progress in Ukraine, it’s clear that cyberwarfare will escalate as well. Though some observers think Russia has seemed relatively restrained up to now, compared with some of its past malware exploits, such as the SolarWinds hack, it isn’t tough, given Russia’s atrocious escalation of tactics in the physical sphere, to imagine much worse.