Cyber Battles Still Rage in Ukraine | Tech Ex

President Biden made a surprise visit to Ukraine’s capital of Kyiv this past week to meet with Ukrainian President Volodymyr Zelenskyy, and that was just the beginning of a series of meetings with international partners regarding the one-year mark in the Russia-Ukraine conflict.

In the midst of global headlines analyzing which military equipment the U.S. and NATO countries should give to Ukraine, as well as how much financial aid will be ongoing, a less publicized cyber war continues unabated.

As I wrote about in detail in my annual cybersecurity review back in December, 2022 was the year the Ukraine war shocked the world. On Feb. 16, Google’s Threat Analysis Group (TAG) wrote an excellent blog entitled “Fog of war: how the Ukraine conflict transformed the cyber threat landscape.” Here’s an excerpt:

“Nearly one year ago, Russia invaded Ukraine, and we continue to see cyber operations play a prominent role in the war. To provide more insights into the role of cyber, today, we are releasing our report Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape based on analysis from Google’s Threat Analysis Group (TAG), Mandiant and Trust & Safety. The report encompasses new findings, and retrospective insights, across government-backed attackers, information operations (IO) and cybercriminal ecosystem threat actors. It also includes threat actor deep dives focused on specific campaigns from 2022.”

Here are some key findings from the 47-plus-page report:

  • “Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results.
  • “Moscow has leveraged the full spectrum of IO — from overt state-backed media to covert platforms and accounts — to shape public perception of the war.
  • “The invasion has triggered a notable shift in the Eastern European cybercriminal ecosystem that will likely have long term implications for both coordination between criminal groups and the scale of cybercrime worldwide.”

There is a section at the end outlining forward-looking trends, and a quick summary of that section shows that cyber attacks will likely continue and even accelerate in 2023 — against both Ukraine and NATO countries. The fact that NATO members were becoming targets in unprecedented cyber attacks from Russia was clear last year, as I wrote in this blog last September.

The Hacker News added this when commenting on Google’s report:

“Russia’s cyber attacks against Ukraine surged by 250% in 2022 when compared to two years ago, Google’s Threat Analysis Group (TAG) and Mandiant disclosed in a new joint report.

“The targeting, which coincided and has since persisted following the country’s military invasion of Ukraine in February 2022, focused heavily on the Ukrainian government and military entities, alongside critical infrastructure, utilities, public services, and media sectors.

“Mandiant said it observed, ‘more destructive cyber attacks in Ukraine during the first 4 months of 2022 than in the previous eight years with attacks peaking around the start of the invasion.’

“As many as six unique wiper strains — including WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, and SDelete — were deployed against Ukrainian networks, suggesting a willingness on the part of Russian threat actors to forgo persistent access.”


One big question that keeps coming up as I discuss these topics around the country is: Where are the expected cyber attacks against U.S. and NATO countries’ critical infrastructure? There are a few answers to that question.

A recent report by Recorded Future News’ The Record claims that “Many cyberattacks by Russia are not yet public knowledge.” Here’s an excerpt:

“Although dozens of private sector reports have detailed Russian ops during the war in Ukraine, experts have questioned whether the cybersecurity industry has visibility into the full extent of that activity. The joint report from the Dutch General Intelligence and Security Service (AIVD), alongside its Military Intelligence and Security Service (MIVD), cites two reasons why ‘many of these attempts have not yet become public knowledge.’

“The fact that ‘the pace of Russian cyber operations is fast’ is a big factor, the report said. And the nature of many targeted institutions — such as military and diplomatic agencies — leads to secrecy about their vulnerabilities. …

“NATO members who are providing military support to Ukraine are also common targets of Russian intelligence. The joint report said that the ‘Dutch armed forces, ministries and embassies have also been the target of (unsuccessful) cyber espionage attempts in the past year.’

“Alongside espionage operations, Russian cyber forces have repeatedly attempted to deploy ‘wiper’ malware strains designed to destroy data in computer systems.

“‘Moscow regularly attempts to digitally sabotage Ukrainian vital infrastructure and carries out constant wiper malware attacks. The sustained and very high pressure that Russia exerts with this requires constant vigilance from Ukrainian and Western defenders,’ said the joint report.”

The report goes on to say much more, including that the combined cyber defenses of NATO countries have been very successful so far.

Finally on this topic, this World Economic Forum (WEF) opinion piece describes the view that the world is missing a big message on cybersecurity in Ukraine: “Frankly, cyber attacks don’t have much impact, as counterintuitive as that may feel, given oft-cited catastrophic-level scenarios such as the potential hacking of nuclear weapons or full disruption of the financial system. Even if the latter were possible, the fundamental limitation of cyber operations would soon be realized — reversibility.

“The key difference between cyber operations and their kinetic alternatives is that when kinetic attacks occur, what goes down is more likely to stay down for longer. To appreciate this point, it helps to look at reversibility — or permanence — of attacks along a spectrum.”


The Hill reported this week on “How the war in Ukraine is shaping cyberspace.”

The Hill also reported that “Russia’s overt influence operations carried out by its state-controlled media has decreased on the platform, [and] attempts at covert activities tied to the war in Ukraine have sharply increased over the last year.”

Infosecurity Magazine released an article on Feb. 23 that described how new norms in cyber warfare are emerging. Here’s an excerpt:

“In hybrid warfare, the lines between the industrial and military domains are often blurred, particularly when it comes to cyberspace. This can be seen in the Russia-Ukraine war, which has brought with it a range of cyber-related demands for both government and private sector actors.

Infosecurity spoke to defense and cybersecurity analysts about the current cyber landscape in Ukraine, the impact of digital connectivity and whether cyber-Armageddon is still a threat.

“The war in cyberspace began long before Russian troops staged their all-out invasion of Ukraine in February 2022, noted Dr. Josef Schroefl, deputy director for Strategy and Defense at the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE) in Helsinki, Finland, an organization that works closely with NATO and the EU on countering hybrid threats. Schroefl said that as of January 2023, Ukraine has registered more than 5000 cyber-attacks on state institutions and critical infrastructure since 2014.”

I also like a piece from the Carnegie Endowment for International Peace that describes “Cyber Operations in Ukraine: Russia’s Unmet Expectations.” Here’s a summary quote from that report:

“A review of academic, doctrinal, and journalistic writing covering the last three decades of Russian military theorizing on cyber-related issues yields three hypotheses that may explain the mismatch between the expectations of many Western observers and the reported impact of Russian cyber operations in the 2022 invasion of Ukraine. By exploring the unique and oft-overlooked facets of Moscow’s conceptualization of ‘cyber,’ this paper provides a foundation for better assessing Russia’s performance in cyberspace in Ukraine in early 2022, along with a more nuanced understanding of its capabilities and possible expectations going forward. These hypotheses are as follows:

  • Russia’s Information Operations Troops—a rough analog to Western military cyber commands—remains in its infancy and appears optimized more for counterpropaganda than for offensive cyber operations. The operational command structure over offensive cyber operations, meanwhile, remains murky and is possibly more political than military in nature.
  • Russia’s premier offensive cyber capacities are housed within agencies focused on intelligence and subversion—the key tool kits used against Ukraine since 2014—rather than combined-arms warfare.
  • Moscow’s secretive and poorly executed February 2022 invasion precluded optimal performance in the initial period of the war, which is particularly pivotal in Russian thinking about effectiveness in the information domain.”


As I read through these reports from various sources, I come to the conclusion that a major force of NATO’s cybersecurity capabilities is being deployed to assist Ukraine in their war efforts. However, many of these efforts and specific tactics remain classified and cannot be shared openly. These substantial capabilities provide the basis for a strong overall cyber defense for NATO countries that have, at least so far, muted the effectiveness of Russian cyber attacks.

Assuming this is true, Ukraine remains a hot battleground and test bed for many new cyber weapons and cyber defense strategies being deployed in the world today. This reality is impacting both the public and private sectors, as is described in a Radware case study on DDoS attacks against Ukraine.

Whether new tactics or new cybersecurity weapons will alter this cyber war narrative in 2023 and beyond remains to be seen. But it appears, at least for now, that the Ukraine-Russia conflict will continue to dominate the cybersecurity landscape (both defense and attack) for the foreseeable future.
