Cyber-attacks have tripled in past year, says Ukraine’s cybersecurity agency

UK security minister Tom Tugendhat warns of ‘persistent threat’ of Russian attacks on country’s infrastructure

Ukraine has suffered a threefold growth in cyber-attacks over the past year, with Russian hacking at times deployed in combination with missile strikes, according to a senior figure in the country’s cybersecurity agency.

The attacks from Russia have often taken the form of destructive, disk-erasing wiper malware, said Viktor Zhora, a leading figure in the country’s SSSCIP agency, with “in some cases, cyber-attacks supportive to kinetic effects”.

Zhora’s comments came as he visited London’s National Cyber Security Centre (NCSC), a part of GCHQ, where he and Ukrainian colleagues were due to discuss how to work together to tackle the Russian threat.

Welcoming them, Tom Tugendhat, the UK security minister, said the fight “against Russian barbarism goes beyond the battlefield” and terror inflicted on civilians. “There is the real and persistent threat of a Russian cyber-attack on Ukraine’s critical infrastructure,” he added.

A day earlier, SSSCIP released an analysis of Russia’s cyberstrategy during the war so far, which concluded that cyber-attacks on Ukraine’s energy infrastructure last autumn were linked to its sustained bombing campaign.

Russia launched “powerful cyber-attacks to cause a maximum blackout” on 24 November, the report said, in tandem with waves of missile strikes on Ukraine’s energy facilities that at the time had forced all the country’s nuclear plants offline.

Enemy hackers carried out 10 attacks a day against “critical infrastructure” during November, according to Ukraine’s SBU domestic spy agency, part of the wider effort to leave millions without power amid plunging temperatures.

Cyber-attacks were also coordinated with Russian “information-psychological and propaganda operations”, SSSCIP said, aimed at trying to “shift responsibility for the consequences [of power outages] to Ukrainian state authorities, local governments or large Ukrainian businesses”.

Russian hackers range from highly professional military groups, part of the Kremlin’s security complex, through criminal gangs, often seeking to make money, to so called pro-Kremlin “hacktivists”.

Ukraine appears to have had some success in tackling and containing Russian and pro-Russian hacking since before the start of the war, although Kyiv has been helped by substantial support from the west. The UK has provided a £6.35m package of support, helping with incident response and information sharing, plus hardware and software.

British officials hosting the Ukrainians added there had been no increase in Russian cyber-activity aimed at the west, although some attacks have targeted “Russia’s near abroad”, most notably Poland, which has reported an increase in attacks on government and strategic targets from the autumn.

In late October, Poland’s senate was hit by a cyber-attack, a day after the country’s upper house had unanimously adopted a resolution describing the Russian government as a terrorist regime. Poland later blamed the pro-Russian group NoName057(16) for a denial of service attack aimed at shutting down its website.

Warsaw has also accused the pro-Russian Ghostwriter group, which its experts believe operates from Belarus and has links to the Kremlin’s GRU military intelligence agency, of being engaged in a disinformation campaign aimed at trying to hack mail addresses and social media accounts of public figures in the country.

Britain continues to believe there remains a significant threat to British organisations from the Russian cyberactivity, but it has not obviously stepped up since the start of the war. Nor has there been any sign of Russian wiper malware being targeted against UK organisations.

However, UK experts warn there has been “pre-positioning” in case a denial of service or other cyber-attacks are ordered. British organisations are urged to continue to review their digital security during what the NCSC considers to be an “extended period of heightened threat”.


Dan Sabbagh Defence and security editor

The GuardianTramp

Related Content

Article image
Ukraine hit by ‘massive’ cyber-attack on government websites
Suspected Russian hackers leave message warning: ‘Ukrainians … be afraid and expect worse’

Luke Harding in Kyiv

14, Jan, 2022 @8:45 AM

Article image
Ukraine accuses Russia of cyber-attack on two banks and its defence ministry
Kremlin denies it was behind the attack, which Ukraine’s deputy prime minister said was the largest of its type ever seen

Dan Sabbagh Defence and security correspondent

16, Feb, 2022 @7:12 PM

Article image
How the tech community has rallied to Ukraine’s cyber-defence | Joyce Hakmeh and Esther Naylor
The variety of online actors working for the cause is unprecedented, say Joyce Hakmeh and Esther Naylor of Chatham House’s International Security Programme

Joyce Hakmeh and Esther Naylor

07, Mar, 2022 @1:52 PM

Article image
EU to run war games to prepare for Russian and Chinese cyber-attacks
Ministers to be put in fictional scenarios after series of hacking incidents

Daniel Boffey in Helsinki

27, Jun, 2019 @12:48 PM

Article image
Russia-aligned hackers running anti-Nato fake news campaign – report
‘Ghostwriter’ campaign said to involve replacing true stories with false ones on news sites in Poland and Lithuania

Dan Sabbagh Defence and security editor

30, Jul, 2020 @3:32 PM

Article image
Russia accuses cybersecurity experts of treasonous links to CIA
Rumours swirl of connection to revelations about US election hacking, as state media says Sergei Mikhailov and Dmitry Dokuchayev ‘betrayed their oath’

Shaun Walker in Moscow

31, Jan, 2017 @11:19 PM

Article image
Russia unleashed data-wiper malware on Ukraine, say cyber experts
UK government and banks on alert for new form of electronic attack said to have affected hundreds of machines

Dan Milmo Global technology editor

24, Feb, 2022 @10:28 PM

Article image
Antony Blinken’s Silicon Valley visit underscores US cybersecurity concerns
Secretary of state met tech executives to discuss national security even as US public is increasingly skeptical of industry

Kari Paul

20, Oct, 2022 @10:00 AM

Article image
UK accuses Kremlin of ordering series of 'reckless' cyber-attacks
Foreign Office increases pressure on Russia after Skripal poisoning

Patrick Wintour Diplomatic editor

03, Oct, 2018 @11:01 PM

Article image
Theresa May to urge EU leaders to take action on cyber-attacks
Prime minister wants tougher response to states responsible – including sanctions

Heather Stewart and Jennifer Rankin

17, Oct, 2018 @9:30 PM