Blog

How Russian Cyberattacks are Devastating Ukraine

“Vladimir Putin has brought war back to Europe,” says The Economist. The conflict between Russia and Ukraine that began in February 2014 has reached a climax - eight years later.

On February 24th, 2022, Russian President Putin announced his intention to launch a “special military operation” to “denazify” Ukraine. In addition to army tanks and cruise missiles, Russia is leveraging another crucial tool in this operation: cyberattacks.

Russian cyberattacks are not a new phenomenon. As far back as 2014, Putin engaged in hybrid warfare against Ukraine, combining traditional military activity with unconventional tactics like disinformation campaigns and cyberattacks.

The military operation in 2022, on the other hand, is a larger cyber conflict than the one in 2014 and is designed to harm Ukraine's military capabilities and unravel its social fabric.

Russia Cyberattack: State-sponsored Hacks Overwhelm Ukraine

On February 23rd, many Ukrainian bank and government department websites crashed and became inaccessible. According to one BBC report, a new “wiper” attack was discovered being used against Ukraine’s private sector. These attacks are aimed at destroying data on infected machines, and they are part of the third and most sophisticated wave of Russian cyberattacks against Ukraine.

Even back in January, Ukraine accused Russia of launching a cyberattack that crashed 70 government websites. Although access was restored in just a few hours, Ukrainians were flabbergasted to see a message just before the sites went offline. The message advised the Ukrainian people to “get ready for the worst.” In light of February's events, these words appear to be both a warning and a prophecy.

Russia’s Cyber-Warfare Tactics Against Ukraine in 2021 and 2022

Over the past 14 years, President Putin has been modernizing the Russian military by incorporating cyber warfare into traditional military strategies. Since then, Russia has launched malware-based cyberattacks against Ukraine in 2015 and 2016, the NotPetya ransomware attack in 2020, and an attack against Microsoft Exchange servers in 2021.

Ukraine's SBU security service neutralized more than 1,200 cyber attacks over the course of nine months in 2021. To date, Russia's cyber warfare approach has only increased in 2022, so the SBU is anticipating more cyberattacks from Russia that will be used for espionage and to disrupt and sabotage Ukrainian government services.

Russia seems to be favouring Distributed denial of service (DDoS) attacks to knock out Ukrainian websites and prevent access for legitimate users by flooding them with fake or malicious traffic. The latest attacks on Ukraine’s banking and government websites have been confirmed to be DDoS attacks.

Fortunately, the majority of websites recovered quickly since they were already prepared and had the capacity to adapt. However, there will be more such assaults in the future, and Ukraine needs to be prepared.

The wiper attack also seems to be a favoured method in Russia’s cyber-warfare strategy. A new data wiper malware named HermeticWiper was recently installed on hundreds of computers, raising concerns about its capability to create havoc in Ukraine.

Phishing attacks on Ukraine’s critical infrastructure have also intensified. State-backed Russian hackers have also developed a sophisticated malware called Cyclops Blink – the same malware behind the NotPetya attack in 2017.

Ukrainian Citizens Also Caught in Russia’s Cyber Attack Net

Ukrainian citizens are also being personally victimized by Russian cyberattacks. On February 24th, 2022, a large number of citizens received fake text messages claiming that ATMs had gone offline. Widespread panic followed, and thousands of citizens scrambled to withdraw money, unsure if they would be able to continue doing so in the coming days.

In addition to creating panic and uncertainty, the text messages also resulted in the Ukrainian currency (hryvnia) plummeting to its lowest level since 2015. Ukraine’s central bank limited cash withdrawals and halted foreign exchange cash withdrawals to prevent a bank run.

Conclusion

Currently, Ukraine is the main target of a surge of Russian cyberattacks. However, it is important to note that no government, institution, or company in the world is safe from the threat of cyberattacks. Proactively protecting your data from potential attacks by incorporating regular penetration testing and having a robust incident response plan is a highly recommended strategy to lessen the risk of a devastating cyberattack.

Packetlabs moves the needle on security and offers tailored enterprise pen testing solutions to proactively uncover vulnerabilities and reduce the risk of devastating cyberattacks.

Contact us how our manual focused pen testing can assist you in defending your organization from cyberattacks.

Featured Posts

See All

December 10 - Blog

Hardware Token Protocols

Hardware token protocols: what are they, and what role do they play in your organization's cybersecurity? In today's article, our ethical hackers outline the most common hardware token protocols.

October 24 - Blog

Packetlabs at SecTor 2024

Packetlabs is thrilled to have been a part of SecTor 2024. Learn more about our top takeaway's from this year's Black Hat event.

September 27 - Blog

What is InfoStealer Malware and How Does It Work?

InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.