Ukraine cyberwar pt. 1: Election attacks, power grid shutdowns and more

Many of us only started paying attention to the Ukraine situation when the full-scale war kicked off in February 2022. But a conflict between Russia and Ukraine has been raging for almost a decade. Over the next couple of weeks, we’re going to take a look at the role of hacking in this conflict and see what it can tell us about the future of cyberwarfare.

This week, we’ll be taking a look at the major events of those earlier years. Next week, we’ll see how it contrasts with what happened once the war really got under way. We’re going to be focusing on the hacking side of things as opposed to the spread of disinformation. While propaganda is an important part of the battle to win the online realm, it’s a little outside of our wheelhouse.

2014 election system attack

Just prior to Ukraine’s 2014 election, a hacking group named CyberBerkut compromised the Central Election Commission’s website. They are alleged to have tried to alter the election results in favor of the candidate Dmytro Yarosh. The attack was supposedly only rectified within the last hour before the results went live, ultimately declaring Petro Poroshenko the winner. On top of this, a DDoS attack was launched, which delayed the revelation of who won the election. This attack posed a huge threat to a country whose democracy was already teetering on the edge.

Power grid attacks

In 2015, Ukraine's power grid was attacked in the middle of winter, knocking out power to around 230,000 customers for between one and six hours. The attack used the BlackEnergy 3 malware to remotely compromise three energy companies. It has been attributed to the Sandworm group, which has been linked to Russia’s GRU, a military intelligence agency.

In the winter of 2016, Ukrainian power grids were again under attack. Approximately one-fifth of Kyiv had its power cut for over an hour. The attack used modular malware known as CrashOverride, which was designed to disrupt industrial control systems. While the attack had relatively minor impacts, analysis by Dragos Security determined that the attack was highly automated and scalable, meaning that it could cause power outages with far less effort than the prior attempt.

NotPetya attacks

In 2017, a variant of the Petya ransomware known as NotPetya spread widely through Ukraine, while also impacting other countries like the US, India and Denmark. However, it was estimated that 80 percent of victims were in Ukraine. It had severe impacts on government agencies, banks, and energy providers, among others.

NotPetya spread so rapidly through Ukraine because it was delivered through a watering hole attack on a Ukrainian website that issues updates for accounting software. Ultimately, the attack disrupted substantial portions of Ukraine’s financial system by encrypting data on infected systems. While NotPetya was derived from ransomware, the attack was adapted to focus on destruction rather than extorting money. The White House estimated that the NotPetya attacks caused more than $10 billion in damage across the globe.

Cyber chaos

These few examples are some of the most damaging attacks against Ukraine, but they are far from the only ones perpetrated prior to the launch of the full-scale war. One of the interesting things to keep in mind is the severity of these online attacks. Attempting to overthrow the election, sabotaging the power grid and rupturing the financial system are all hugely damaging.

Off the top of our heads, we can’t think of another country that has been subjected to this level of targeted attacks. Sure, the US has had its power grid penetrated, but nothing really happened. Yes, US elections have been attacked by foreign actors, but they didn’t come anywhere near as close to catastrophe as the 2014 Ukraine elections did.

Perhaps the US simply has the resources to maintain a stronger security posture than Ukraine, but it’s striking to see just how devastating attacks at this level can be. These attacks represent significant blows against Ukraine, at a time of relatively small-scale war. Next week, we’ll see how things changed when the war was ratcheted up a notch.
