Reports: Russian cyberattacks in Ukraine supporting military strikes

Cyberattacks rage in Ukraine: Hybrid war and attacks on critical infrastructure

Russian hybrid war against Ukraine. Cyberattacks against Ukraine have reached huge numbers as Russian state-backed attackers constantly launch new campaigns.

At least five separate APT groups are reportedly involved in constant malware attacks tied to campaigns designed to damage Ukraine's digital infrastructure. Cyberattacks have been used to support ground operations since the beginning of the conflict.[1] The state-sponsored hackers behind these attacks began operations in February, and according to Microsoft[2] research, the APTs involved are sponsored by Russia.

Various reports show that the waves of cyberattacks against Ukraine's digital assets tie directly to Russia. The newest report states that at least 237 cyber operations have been launched. These criminals attempt to carry out cyber espionage attacks against Ukrainian targets.[3]

Russia is using these cyberattacks in a hybrid war, timing them to correlate with military operations that target services, institutions, and critical infrastructure. This tactic helps attackers directly affect civilians:

The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership

802 recorded cyberattacks in the first quarter of 2022

The Computer Emergency Response Team of Ukraine has been doing its own research and reported that the number of cyberattacks is almost double the number from the same time last year.[4] Particular Russia- or Belarus-sponsored hacker groups that have been identified include Armageddon/Garmagedon, UNC1151, Fancy Bear, XLoader, AgentTesla, Pandora hVNC/GrimPlant.

Russia seems to have been preparing for the land operations and the conflict in cyberspace for a while now, researchers say. These attacks started back in March 2021, according to the reports and analysis. Threat groups delivered destructive wiper malware and used other tools and viruses that targeted Ukrainian networks. These groups worked at a pace of two or three incidents a week at the beginning.

Once the conflict on the ground began in February, these destructive attacks became more active and frequent. Hackers managed to permanently destroy files in hundreds of systems related to organizations in Ukraine. APT groups aim to permanently disrupt operations across the country. Wiper malware deletes data and destroys systems, causing financial losses and reputational damage.

Disruption of critical infrastructure – the main goal

Microsoft identified various attacks targeting Ukraine to permanently disrupt organizations and paint it as a failed state. Wiper malware campaigns with viruses like HermeticWiper, IsaacWiper, and CaddyWiper targeted companies in Ukraine.[5] At least 40 percent of such cyberattacks against the country have been aimed at organizations in critical infrastructure sectors.

This way, disrupted operations can negatively affect the government, military, economy, and civilians. These incidents are also affecting the national, regional, and city levels. There have been at least eight destructive malware strains used in Ukrainian networks. Some of them are specifically tailored, like the virus designed for industrial control systems.

Unfortunately, these attackers can maintain the pace of development and deployment of these destructive malware versions. More malware attacks and other campaigns are expected to be discovered while the conflict continues. The number of these incidents might increase over the next six months. Even though recent attacks are DDoS attacks and espionage using low-quality tools, more sophisticated attacks also exist, and more advanced methods might be used in the future.

About the author
Gabriel E. Hall
Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.