According to a senior figure in the country’s cybersecurity agency, Ukraine has suffered a tripling of cyberattacks in the past year, with Russian hacking at times used in combination with rocket attacks.
Attacks from Russia have often taken the form of destructive, disk-wiping wiper malware, said Viktor Zhora, a senior figure in the country’s SSSCIP agency, with “in some cases cyberattacks supporting kinetic effects.”
Zhora’s comments came as he visited London’s National Cyber Security Center (NCSC), part of GCHQ, where he and Ukrainian colleagues were to discuss how to work together to combat the Russian threat.
Tom Tugendhat, Britain’s Security Secretary, welcomed them, saying the fight “against Russian barbarism goes beyond the battlefield” and terror inflicted on civilians. “There is a real and ongoing threat of a Russian cyberattack on Ukraine’s critical infrastructure,” he added.
A day earlier, SSSCIP published an analysis of Russia’s cyber strategy during the war so far, which concluded that cyber attacks on Ukraine’s energy infrastructure last fall were linked to the country’s ongoing bombing campaign.
Russia launched “powerful cyberattacks to cause a maximum blackout” on Nov. 24, according to the report, in parallel with rocket attacks on Ukraine’s power plants, which at the time had shut down all of the country’s nuclear power plants.
Enemy hackers carried out 10 attacks a day on “critical infrastructure” in November, according to Ukraine’s domestic intelligence agency SBU, part of a broader effort to leave millions without power as temperatures plummet.
Cyber attacks were also coordinated with Russian “information psychological and propaganda operations,” according to SSSCIP, aimed at “shifting responsibility for the consequences [of power outages] to Ukrainian state authorities, local governments or large Ukrainian companies”.
Russian hackers range from highly professional military groups that are part of the Kremlin’s security complex, to criminal gangs often trying to make money, to so-called pro-Kremlin “hacktivists”.
Ukraine appears to have had some success in countering and containing Russian and pro-Russian hacking since the war began, although Kyiv has been helped by significant Western support. The UK has provided a £6.35 million support package to help with incident response and information sharing, hardware and software.
British officials harboring the Ukrainians added there has been no increase in Russian cyber activity targeting the West, although some attacks have targeted “Russia’s near abroad,” most notably Poland, which has seen an increase in attacks on governments and strategic Autumn reported targets from Russia.
In late October, Poland’s Senate was hit by a cyberattack, a day after the country’s upper house unanimously passed a resolution labeling the Russian government a terrorist regime. Poland later blamed the pro-Russian group NoName057(16) for a denial of service attack aimed at shutting down their website.
Warsaw has also accused the pro-Russian ghostwriting group, which experts say operates out of Belarus and has ties to the Kremlin’s GRU military intelligence agency, of involvement in a disinformation campaign aimed at stealing email addresses and social Hacking media accounts of public figures in the country.
Britain continues to believe that Russian cyber activity poses a significant threat to British organizations, but it appears not to have increased since the war began. There is also no evidence that Russian wiper malware is aimed at British organizations.
However, British experts warn that there has been “pre-positioning” in case a denial of service or other cyber attacks are ordered. UK organizations are being urged to continue to review their digital security during what the NCSC considers an “extended period of heightened threat”.