Ukraine has suffered a threefold growth in cyber-attacks over the past year, with Russian hacking at times deployed in combination with missile strikes, according to a senior figure in the country’s cybersecurity agency.
The attacks from Russia have often taken the form of destructive, disk-erasing wiper malware, said Viktor Zhora, a leading figure in the country’s SSSCIP agency, with “in some cases, cyber-attacks supportive to kinetic effects”.
Zhora’s comments came as he visited London’s National Cyber Security Centre (NCSC), a part of GCHQ, where he and Ukrainian colleagues were due to discuss how to work together to tackle the Russian threat.
Welcoming them, Tom Tugendhat, the UK security minister, said the fight “against Russian barbarism goes beyond the battlefield” and terror inflicted on civilians. “There is the real and persistent threat of a Russian cyber-attack on Ukraine’s critical infrastructure,” he added.
A day earlier, SSSCIP released an analysis of Russia’s cyberstrategy during the war so far, which concluded that cyber-attacks on Ukraine’s energy infrastructure last autumn were linked to its sustained bombing campaign.
Russia launched “powerful cyber-attacks to cause a maximum blackout” on 24 November, the report said, in tandem with waves of missile strikes on Ukraine’s energy facilities that at the time had forced all the country’s nuclear plants offline.
Enemy hackers carried out 10 attacks a day against “critical infrastructure” during November, according to Ukraine’s SBU domestic spy agency, part of the wider effort to leave millions without power amid plunging temperatures.
Cyber-attacks were also coordinated with Russian “information-psychological and propaganda operations”, SSSCIP said, aimed at trying to “shift responsibility for the consequences [of power outages] to Ukrainian state authorities, local governments or large Ukrainian businesses”.
Russian hackers range from highly professional military groups, part of the Kremlin’s security complex, through criminal gangs, often seeking to make money, to so-called pro-Kremlin “hacktivists”.
Ukraine appears to have had some success in tackling and containing Russian and pro-Russian hacking since before the start of the war, although Kyiv has been helped by substantial support from the west. The UK has provided a £6.35m package of support, helping with incident response and information sharing, plus hardware and software.
British officials hosting the Ukrainians added there had been no increase in Russian cyber-activity aimed at the west, although some attacks have targeted “Russia’s near abroad”, most notably Poland, which has reported an increase in attacks on government and strategic targets from the autumn.
In late October, Poland’s senate was hit by a cyber-attack, a day after the country’s upper house had unanimously adopted a resolution describing the Russian government as a terrorist regime. Poland later blamed the pro-Russian group NoName057(16) for a denial of service attack aimed at shutting down its website.
Warsaw has also accused the pro-Russian Ghostwriter group, which its experts believe operates from Belarus and has links to the Kremlin’s GRU military intelligence agency, of being engaged in a disinformation campaign aimed at trying to hack mail addresses and social media accounts of public figures in the country.
Britain continues to believe there remains a significant threat to British organisations from Russian cyber-activity, but it has not obviously stepped up since the start of the war. Nor has there been any sign of Russian wiper malware being targeted against UK organisations.
However, UK experts warn there has been “pre-positioning” in case a denial of service or other cyber-attacks are ordered. British organisations are urged to continue to review their digital security during what the NCSC considers to be an “extended period of heightened threat”.