As Russia doubles down on its use of fearsome military hardware to pummel Ukraine into submission, one might think it is only the soldiers and missiles one must fear.
But alongside those horrifying air strikes wreaking havoc in residential neighborhoods and with the country’s energy infrastructure, are Russian companion cyber attacks as well.
Those attacks increased three-fold over the past year, according to Ukrainian security officials.
The country’s Computer Emergency Response Team (CERT-UA) is currently investigating a cyberattack on the National News Agency of Ukraine (Ukrinform) that took place two days ago (January 17).
According to the Ukrainian government’s report on the incident, a centralized run of the CaddyWiper malware was carried out to disrupt data integrity and accessibility using group policy (GPO). CaddyWiper, first detected in Ukraine in mid-March 2022, is aimed at destroying data. It was also used during a large-scale cyberattack on Ukraine’s energy sector last April.
It appeared from the signature features that the attack was carried out by the UAC-0082 “Sandworm” group that is associated with the Main Directorate of the General Staff of the Russian Federation’s Armed Forces Main Intelligence Office. “This group is among those who attacked Ukraine most often in 2022,” the SSSCIP said.
CERT-UA managed to localize the threat, Ukraine’s SSSCIP security agency said in a government report.
Russian hacking has also sometimes been deployed in combination with missile strikes, the security agency noted.
The cyber warfare has taken the form of disc-erasing wiper malware with “in some cases, cyber attacks supportive to kinetic effects,” said the cybersecurity agency.
Such attacks are aimed at intensifying the havoc caused by conventional military invasion, reducing manageability of the state, damaging its critical infrastructure, and increasing the genocide effects of conventional warfare (by attacking humanitarian organizations, telecom operators, logistics, etc.) the agency said in a report posted to its website.
“This effect was demonstrated in the autumn and winter of 2022, when, after a series of cyberattacks on the energy sector, Russia launched several waves of missile attacks on energy infrastructure, while simultaneously launching a propaganda campaign to shift responsibility for the consequences (power outages) to Ukrainian state authorities, local governments, or large Ukrainian businesses,” the agency wrote in its report, “Cyber, Artillery, Propaganda. General Overview of the Dimensions of Russian Aggression.”
The attacks are also intended to take “revenge” for Ukraine’s success on the diplomatic front, or “for Russia’s failures, both military and diplomatic,” the agency said.
“It is commonly believed that cyber-attacks are the weapon of the future. However, the war in Ukraine has proved that this future is already here,” the agency warned in its report. “Therefore, defense doctrines and international laws must adapt quickly.”