Ukraine's cyber war against Russia
Yurii Shchyhol doesn't have much time on his hands.
It is understandable that the head of Derzhspetszviazok - the State Service for Special Communications and Information Protection of Ukraine, de facto the country's cybersecurity agency - be in a hurry. Ukraine, and with it the entire world order, is under attack. "This is the first time in its history that Ukraine faces full-blown cyber warfare," explains Shchyhol, who is tasked with keeping Ukrainian cyberspace secure in a similar way to how President Volodymyr Zelensky is in charge of the country's physical armed forces. .
For Shchyhol and Derzhspetszviazok staff, dealing with Russian cybercriminals is nothing new. Even before invading Ukraine on February 24, Russia had tested the country's cyber defenses, mostly by unleashing continuous, low-level attacks. On January 14, however, the country launched a larger-scale offensive, targeting more than twenty Ukrainian government institutions. The attack, which was intended to wreak havoc on several government-related websites, then spread across the Ukrainian internet. "We found that about ninety websites were not accessible following that attack - says Shchyhol -. The goal of Russian cybercriminals was to sow panic among the Ukrainian population and prove to the outside world that Ukraine is one. weak state that is unable to handle attacks ". For this reason, the Derzhspetszviazok was quick to put the affected sites back online: "At most it took us a week - he explains -. There were no data losses. The result of this attack is mostly attributable to psychological warfare" .
The escalation When Russian soldiers began to enter Ukrainian physical territory, the attacks in cyberspace intensified. For an entire month, Russia has been targeting the country's communication nodes, media, logistics and railways, Shchyhol reports. "At that time, there were many civilians - non-combatant Ukrainians - who were fleeing to safer places - he adds -. This is why the aim of these attacks was to compromise the lines of communication, particularly the railways". br>
At the moment we have entered the third phase of Russia's cyber war against Ukraine, explains Shchyhol, perpetrated "mainly against civil infrastructures: public companies and companies that provide services to civilians, since in the second phase they have not succeeded to destroy our lines of communication and our ability to inform people about what is happening ". According to the head of Derzhspetszviazok, Russia's strategies for digital warfare are similar to the tactics employed in physical conflict: "Our attitude remains the same - he says -. We treat them as criminals who are trying to destroy our country by invading it on the ground. but also trying to disrupt and destroy our lifestyle in cyberspace. And our job is to help defend our country ".
Learning from the past Ukraine's defense of its IT assets has surprised some people, who feared that Russia's much-vaunted army of hackers would be able to swiftly wipe out the country digitally, just as many in the international community feared that the invasion was doomed to a foregone conclusion. On the subject of cyberattacks, however, Russian President Vladimir Putin had already shown him his cards, Shchyhol says, and Ukraine has learned its lesson. In 2017, a Russian attack using NotPetya ransomware hit the country hard and then spread around the world, causing chaos wherever it went. “Then they remained silent for a couple of years of silence - says Shchyhol -. We understood that they were preparing to attack our country more actively, and therefore we used the moment of pause to prepare for possible attacks ”. Ukraine's success in repelling Russia's most violent cyberattacks in 2022 demonstrates how much the country has analyzed and learned from past offensives, Shchyhol points out.
Real and alleged hacktivists One aspect that helped Ukraine to to learn more about Russia's IT modus operandi was the creation of a database in which to insert Russian attacks attributed to specific groups of cybercriminals. Shchyhol reports that Derzhspetszviazok found that most of the organizations were funded by Russian intelligence - the FSB, which took over from the KGB after the collapse of the Soviet Union - or by the country's military. Shchyhol rejects the term "hacktivist" when used in relation to Russian cyber criminals: "A hacktivist is a person who works out of generosity, for free - he says -. These individuals are funded by the state and are ordered to commit crimes." Knowing who is behind the attacks was helpful, Shchyhol continues: "Understanding who is attacking us has allowed us to better prepare ourselves to repel these attacks," he says.
The database developed by Shchyhol and Derzhspetszviazok helped Ukraine to repel an attack on the country's energy company, launched by Russia earlier this year: "They used the same virus as in 2017". At the time, Russia had used the Industroyer virus; earlier this year it released an updated version, Industroyer 2. "Since we were prepared for such an attack, we were able to repel it and prevent damage to the company," explains Shchyhol. In this way, Ukraine thwarted an electricity blackout that would have affected 2 million people.
Ukrainian cybersecurity manager admits that at least one Ukrainian database - that of the government office for auto insurance policies - was deleted due to wiper-type malware employed by Russia. "For two weeks the office was unable to issue insurance policies for their customers," says Shchyhol. However, the institution, like many others in Ukraine, was warned of the risks and had a backup of the data which allowed it to return to normal operations relatively quickly.
"The fact that it is impossible for attackers to attack us should not be the parameter to judge the efficiency of a cyber fight initiative - continues Shchyhol -. The real test to understand how good we are is the [speed] with which services are reactivated. and the fact that no important data is stolen by the criminals ".
Ukraine's cyber defenses have also been strengthened by the cover fire ensured by pro-Ukrainian hacktivists. In this case, Shchyhol is more inclined to use the term: "I'm not just talking about the Ukrainian cyber army - he says, referring to the Telegram group created at the beginning of the invasion which at its peak counted more than 300 thousand subscribers - but also the others. hacktivists from all over the world who joined us at the beginning of the invasion. " According to Shchyhol, the hacktivists have provided much needed help, although there is little evidence of their impact. sucks "on the walls).
" As a military man, I believe that anything that weakens our enemy is good for us ", says Shchyhol, who specifies however that it is a personal opinion, to avoid any hypothesis of collusion or coordination by the Ukrainian state: "They are a self-managed community, which operates by setting its own objectives independently - he points out -. There is no coordination by the Ukrainian government, nor any support for their activities . As a Ukrainian government, we do not issue direct orders to have, for example, target infrastructure. " Even if they did, Shchyhol adds that Russia and its infrastructure would still be legitimate targets, in the face of "all the crimes they perpetrated here".
The role of companies Rather than focusing on attacks to the essential infrastructure of hacktivists, Shchyhol points out that targeted actions by IT companies can be just as effective. In July, the head of Derzhspetszviazok called on international companies active in Russia to withdraw from the country. "Our enemy currently employs tactics similar to those of the medieval hordes - says Shchyhol -, trying to attack territories and modify countries as they please by force. To continue using this force, they rely on continuous access to technologies. modern ".
If it were deprived of this access, he continues, Russia" will find itself in the Middle Ages. Any technology that ends up in Russian hands will immediately be used for military purposes ”. According to his estimates, 95 percent of the technology companies contacted by his agency, the vice president of Ukraine and other government officials - including Cisco, HP, IBM and Dellsi - have already withdrawn from the Russian market.
For companies still present in Russia, Shchyhol has a clear message: "The whole civilized world must recognize that the threat goes beyond Ukraine - he explains -. Cyberspace has no borders. If an attack is perpetrated. against one country's cyberspace, it automatically hits and attacks other countries as well ".
This article originally appeared on sportsgaming.win UK.
It is understandable that the head of Derzhspetszviazok - the State Service for Special Communications and Information Protection of Ukraine, de facto the country's cybersecurity agency - be in a hurry. Ukraine, and with it the entire world order, is under attack. "This is the first time in its history that Ukraine faces full-blown cyber warfare," explains Shchyhol, who is tasked with keeping Ukrainian cyberspace secure in a similar way to how President Volodymyr Zelensky is in charge of the country's physical armed forces. .
For Shchyhol and Derzhspetszviazok staff, dealing with Russian cybercriminals is nothing new. Even before invading Ukraine on February 24, Russia had tested the country's cyber defenses, mostly by unleashing continuous, low-level attacks. On January 14, however, the country launched a larger-scale offensive, targeting more than twenty Ukrainian government institutions. The attack, which was intended to wreak havoc on several government-related websites, then spread across the Ukrainian internet. "We found that about ninety websites were not accessible following that attack - says Shchyhol -. The goal of Russian cybercriminals was to sow panic among the Ukrainian population and prove to the outside world that Ukraine is one. weak state that is unable to handle attacks ". For this reason, the Derzhspetszviazok was quick to put the affected sites back online: "At most it took us a week - he explains -. There were no data losses. The result of this attack is mostly attributable to psychological warfare" .
The escalation When Russian soldiers began to enter Ukrainian physical territory, the attacks in cyberspace intensified. For an entire month, Russia has been targeting the country's communication nodes, media, logistics and railways, Shchyhol reports. "At that time, there were many civilians - non-combatant Ukrainians - who were fleeing to safer places - he adds -. This is why the aim of these attacks was to compromise the lines of communication, particularly the railways". br>
At the moment we have entered the third phase of Russia's cyber war against Ukraine, explains Shchyhol, perpetrated "mainly against civil infrastructures: public companies and companies that provide services to civilians, since in the second phase they have not succeeded to destroy our lines of communication and our ability to inform people about what is happening ". According to the head of Derzhspetszviazok, Russia's strategies for digital warfare are similar to the tactics employed in physical conflict: "Our attitude remains the same - he says -. We treat them as criminals who are trying to destroy our country by invading it on the ground. but also trying to disrupt and destroy our lifestyle in cyberspace. And our job is to help defend our country ".
Learning from the past Ukraine's defense of its IT assets has surprised some people, who feared that Russia's much-vaunted army of hackers would be able to swiftly wipe out the country digitally, just as many in the international community feared that the invasion was doomed to a foregone conclusion. On the subject of cyberattacks, however, Russian President Vladimir Putin had already shown him his cards, Shchyhol says, and Ukraine has learned its lesson. In 2017, a Russian attack using NotPetya ransomware hit the country hard and then spread around the world, causing chaos wherever it went. “Then they remained silent for a couple of years of silence - says Shchyhol -. We understood that they were preparing to attack our country more actively, and therefore we used the moment of pause to prepare for possible attacks ”. Ukraine's success in repelling Russia's most violent cyberattacks in 2022 demonstrates how much the country has analyzed and learned from past offensives, Shchyhol points out.
Real and alleged hacktivists One aspect that helped Ukraine to to learn more about Russia's IT modus operandi was the creation of a database in which to insert Russian attacks attributed to specific groups of cybercriminals. Shchyhol reports that Derzhspetszviazok found that most of the organizations were funded by Russian intelligence - the FSB, which took over from the KGB after the collapse of the Soviet Union - or by the country's military. Shchyhol rejects the term "hacktivist" when used in relation to Russian cyber criminals: "A hacktivist is a person who works out of generosity, for free - he says -. These individuals are funded by the state and are ordered to commit crimes." Knowing who is behind the attacks was helpful, Shchyhol continues: "Understanding who is attacking us has allowed us to better prepare ourselves to repel these attacks," he says.
The database developed by Shchyhol and Derzhspetszviazok helped Ukraine to repel an attack on the country's energy company, launched by Russia earlier this year: "They used the same virus as in 2017". At the time, Russia had used the Industroyer virus; earlier this year it released an updated version, Industroyer 2. "Since we were prepared for such an attack, we were able to repel it and prevent damage to the company," explains Shchyhol. In this way, Ukraine thwarted an electricity blackout that would have affected 2 million people.
Ukrainian cybersecurity manager admits that at least one Ukrainian database - that of the government office for auto insurance policies - was deleted due to wiper-type malware employed by Russia. "For two weeks the office was unable to issue insurance policies for their customers," says Shchyhol. However, the institution, like many others in Ukraine, was warned of the risks and had a backup of the data which allowed it to return to normal operations relatively quickly.
"The fact that it is impossible for attackers to attack us should not be the parameter to judge the efficiency of a cyber fight initiative - continues Shchyhol -. The real test to understand how good we are is the [speed] with which services are reactivated. and the fact that no important data is stolen by the criminals ".
Ukraine's cyber defenses have also been strengthened by the cover fire ensured by pro-Ukrainian hacktivists. In this case, Shchyhol is more inclined to use the term: "I'm not just talking about the Ukrainian cyber army - he says, referring to the Telegram group created at the beginning of the invasion which at its peak counted more than 300 thousand subscribers - but also the others. hacktivists from all over the world who joined us at the beginning of the invasion. " According to Shchyhol, the hacktivists have provided much needed help, although there is little evidence of their impact. sucks "on the walls).
" As a military man, I believe that anything that weakens our enemy is good for us ", says Shchyhol, who specifies however that it is a personal opinion, to avoid any hypothesis of collusion or coordination by the Ukrainian state: "They are a self-managed community, which operates by setting its own objectives independently - he points out -. There is no coordination by the Ukrainian government, nor any support for their activities . As a Ukrainian government, we do not issue direct orders to have, for example, target infrastructure. " Even if they did, Shchyhol adds that Russia and its infrastructure would still be legitimate targets, in the face of "all the crimes they perpetrated here".
The role of companies Rather than focusing on attacks to the essential infrastructure of hacktivists, Shchyhol points out that targeted actions by IT companies can be just as effective. In July, the head of Derzhspetszviazok called on international companies active in Russia to withdraw from the country. "Our enemy currently employs tactics similar to those of the medieval hordes - says Shchyhol -, trying to attack territories and modify countries as they please by force. To continue using this force, they rely on continuous access to technologies. modern ".
If it were deprived of this access, he continues, Russia" will find itself in the Middle Ages. Any technology that ends up in Russian hands will immediately be used for military purposes ”. According to his estimates, 95 percent of the technology companies contacted by his agency, the vice president of Ukraine and other government officials - including Cisco, HP, IBM and Dellsi - have already withdrawn from the Russian market.
For companies still present in Russia, Shchyhol has a clear message: "The whole civilized world must recognize that the threat goes beyond Ukraine - he explains -. Cyberspace has no borders. If an attack is perpetrated. against one country's cyberspace, it automatically hits and attacks other countries as well ".
This article originally appeared on sportsgaming.win UK.