Last week, we dove into the Russian cyberattacks against Ukraine that occurred prior to the launch of the full-scale war in February 2022. These attacks had severe effects, including almost compromising the 2014 elections, shutting down power grids, and causing widespread havoc to financial, governmental and other critical systems.
When the Russian army began marching on Kyiv, we expected the cyberattacks to ramp up in intensity. But the reality is that the impact has been relatively minor. Let’s take a look at some of the major events.
Government websites vandalized
In January 2022, Russia defaced a bunch of Ukrainian Government websites. These included the sites for the Cabinet of Ministers, the Security and Defense Council, as well as the Ministry of Foreign Affairs. However, most of the sites were able to recover within a few hours.
A threat actor associated with the Russian GRU was dubbed Cadet Blizzard by Microsoft. In January, it unleashed a host of wiper attacks against IT, government and non-profit organizations. While the malware looked a lot like ransomware, it’s believed that it was really intended to destroy files and not extort money. However, these attacks had fairly limited impacts against the targets.
Similar wiper attacks were once again launched against Ukrainian organizations in February. These attacks coincided with Russia officially recognizing the contested regions of Eastern Ukraine.
On February 15, Ukraine suffered its largest DDoS attacks to date, bringing down some of its biggest banking websites, as well as the sites of the army and defense ministry. In addition to the websites, it also impacted ATMs and banking apps. Further DDoS attacks struck the country on February 23, but most of the victims were able to recover quickly.
Attack against Viasat
The Viasat network was attacked on February 24, bringing down thousands of the company’s satellite broadband modems across Ukraine. It is suspected that this attack was intended to disrupt Ukrainian military networks that used the technology, but the attack also affected government agencies and other parties.
Ukraine’s third cyber-blackout
According to a recent report from Mandiant, Russia did manage to cause another blackout in an unnamed Ukrainian city in October 2022. The blackout was likely triggered by the threat actor managing to compromise the circuit breakers, resulting in a blackout that coincided with a missile bombardment. Two days later, it was followed by a wiper attack which caused further disruptions, with Mandiant suspecting that its purpose may have been to destroy forensic evidence.
Mandiant did not release details about which city was attacked, the number of people affected, or the length of the blackout. At this point we’re just speculating, but given that the cyberattack was not made public for more than a year, we suspect that its impacts may have been relatively minor compared to the prior two Ukrainian blackouts of 2015 and 2016.
The other major possibility that jumps out at us is that the effects were larger, but the blackout was initially attributed to the missiles, rather than a cyberattack. If this second theory is true, it brings up an interesting yet concerning precedent: that cyberattacks can cause disruptions to civilian infrastructure on a similar scale to missiles.
Why have the cyberattacks been relatively modest?
When we consider just how substantially Russia upped its military assaults on Ukraine in 2022, it seems reasonable to expect a similar ramping up in the cyber-realm. While we haven’t
listed all of the cyberattacks Ukraine has suffered since the beginning of the full-scale war, those listed above are the most serious. However, these haven’t been as impactful as many had suspected.
So why hasn’t Russia succeeded with massive cyber-offensives against Ukraine? Possible explanations could be that Russia has been purposely limiting its online attacks, or that Ukraine’s cyber-defenses have just been more resilient than expected.
A large aspect of war is really based in economics. There’s a limit to the resources that a country has, and in times of war, it needs to be prudent in using them to reach its military goals. One plausible explanation for the lack of success is that Russia’s calculus may be that it gets better results by putting its resources into more conventional weaponry, such as destroying critical infrastructure with missiles as opposed to cyberattacks. Similarly, it could be choosing to expend more of its resources on propaganda efforts rather than hacking.
Has all of the defensive practice helped Ukraine?
Another possibility is that Ukraine’s defenses have improved dramatically so that even if Russia is putting significant effort into its attacks, it may not be as successful as it had hoped to be. After falling victim to severe cyberattacks for much of the prior decade, Ukraine may have invested significantly in its defenses.
To back up this theory, Microsoft’spresident, Brad Smith, stated that “The Russians were every bit as aggressive as we expected… But the reality is, thanks in part to the resilience of Ukraine and the advance in cybersecurity technology, the first year of this war, at least, defense has proven to be far stronger than offense when it comes to attacks in cyberspace.”
Some stats also back up the theory of Russia not letting up on its attacks. The Ukrainian State Service for Special Communications and Information Protection reported a tripling of cyberattacks in 2022, up from 557 the prior year to 2,194 in 2022.
In addition to the Ukrainians themselves being more practiced in defense, many significant players in the West have also contributed their knowledge and resources to help the Ukrainian
Government with its fight. From helping Ukraine move its critical apps and data to data centers outside the country to sharing information and expertise, international contributions include:
- Amazon Web Services helping the Ukraine Government back up its critical data and assisting it with business continuity.
- Cloudflare providing its Project Galileo tools to Ukraine for protection against DDoS and other attacks.
- Google offering its Project Shield anti-DDoS tools to Ukraine.
- SpaceX shipping Starlink terminals to Ukraine to help make the country’s internet connections more resilient against cyberattacks.
- The EU’s Cyber Rapid Response Team assisting Ukraine with its cyber-defense.
Highlighting the assistance of international partners is by no means meant to denigrate the abilities of Ukraine, which has performed surprisingly well given the circumstances. But at the end of the day, Ukraine is being attacked by a much bigger country with more resources and a lot of experience in cyber-offensives. Many countries would struggle to defend themselves against such an opponent without outside help.
Whatever the conclusion, Ukraine has proven remarkably resilient in its cyber-defenses since the beginning of the full-scale invasion. But we don’t know if Russia has some brutal zero-days hiding up its sleeve, or if it’s scraping the bottom of its war chest. Let’s hope the war comes to an end soon.