Close

Support Global Voices

To stay independent, free, and sustainable, our community needs the help of friends and readers like you.

Donate now »

Russia’s cyberwarfare remains limited, while Ukraine is crowdsourcing its own

A screenshot from Today’s reports decentralized attacks on the Russian internet.

Since 2008, Russia has been lauded as a cyber superpower. In the past, Russian cyber attacks have taken out electric grids, hacked elections, bankrupted corporations, and disabled military infrastructure. Nations across the world have been bracing for increased levels of cyberattacks, fearing that Russia will retaliate against sanctions by infiltrating global networks. There are no borders on the internet and even a localized attack can easily spill over to the rest of the world. Since February 24, effective cyber-attacks from Moscow are notably absent

The litany of failures might embolden Russia to carry out more high-stakes and daring digital attacks on urban infrastructure, supply chains, and military equipment across the world. It is also possible that Russia has not utilized its full cyber capabilities. Alternatively, the Ukrainian government might be fully prepared to resist most Russian attacks. Either way, it is time to seriously assess the Russian cyber bogeyman. 

Russia’s history of cyberwarfare 

The Russian military first used cyber support in its August 2008 invasion of Georgia. The digital attacks started weeks before the physical presence. On July 20, the website of then President Mikheil Saakashviili was targeted in a Distributed Denial of Service (DDoS) attack, which overwhelms a website with internet traffic until it is stops functioning. All the fabricated traffic to the website included the phrase “win+love+in+Russia.” The president’s website was unreachable for more than 24 hours.

At the start of the war with Georgia, digital attacks focused on information shaping and denial. President Saakashvili was not able to connect to a CNN interview after disruption to the Georgian Voice over Internet Protocol (VoIP) system. On August 9, DDoS attacks forced the shutdown of the National Bank of Georgia. Websites of the President and the Ministry of Foreign Affairs were defaced with side-by-side pictures of Mikheil Saakashvili and Adolf Hitler. The domestic traffic to Georgia’s government websites was also rerouted to pro-Russian news sources reporting on the war. 

An image posted on Georgia's Ministry of Foreign Affairs website after Russian hacks. [We need a source for the image, which should also specify the copyright rules under which we use it, and if it is a creative commons licence, a link to the licence.]

If Russia debuted their cyber capabilities in Georgia, they perfected them in Ukraine. After Ukraine supported the European Union Association Agreement in mid-2013, Russia orchestrated Operation Armageddon to steal information from the Ukrainian government and military officials. During the Maidan Protests, when Ukrainians took to the center of Kyiv against the pro-Russian Vladimir Yanukovych, Russia launched Operation Snake to siphon data from Ukraine's government servers. Russian hackers similarly hacked the vote-tallying system before the October 2014 parliamentary elections.   

Most of Russia’s cyberattacks since 2014 have targeted Ukraine’s critical infrastructure. In 2015 and 2016, Russian hackers infiltrated Ukrainian power grids Prykarpattyaoblenergo and ​​Chernivtsioblenergo. Both times, the power supply was remotely turned off, leaving residents of Ivano-Frankivsk (in Western Ukraine) and Kyiv without power for more than 5 hours. In 2016, the State Treasury, the Ministry of Finance, and the pension fund were shut down for 2 days. 

Due to the interconnected nature of the internet, even local cyberattacks can quickly become global. The June 27, 2017, Petya Virus designed for Ukrainian banks, electrical companies, news outlets, and government websites became the “most devastating cyberattack in history.” In a matter of days, the virus moved from radiation monitoring systems in Chernobyl to the global shipping company Maersk, and hundreds more. The attack was estimated to have cost USD 10 billion globally. 

Russia’s digital invasion of Ukraine

The early days of the invasion in 2022 suggest that Russia is using the same playbook it used in Georgia. Cyber attacks focused on government websites, media, and critical financial infrastructure. But, since February 24, most of the digital attacks have been thwarted. Ukraine is employing vigilante cyber groups to both defend its own systems and attack Russia’s.

Similar to Russia’s war in Georgia, Russia preempted its invasion of Ukraine with an orchestrated cyber-effort. On January 14, 2022 a Russian attack took down more than 70 Ukrainian government websites. The sites were defaced with pictures in Ukrainian, Russian, and Polish stating “be afraid and wait for the worst… this is for your past, present, and future… and for the historical lands.” All the sites were restored within a few hours. 

An image posted on the front page of Ukraine's government websites after Russian hacks. [We need copyright information]

A parallel attack took place on January 13, 2022. The Microsoft Threat Intelligence Center (MSTIC) detected Whisper Gate, malware designed to permanently delete all files on a victim’s computer. MSTIC noted the malware was intended for “government, non-profit, and information technology organizations, all based in Ukraine.” Within just a few hours, Microsoft released a patch to delete the infectious malware. 

One day before the invasion, Russia deployed two malware operations, once more targeting the Ukrainian government. The malware code of Isaac Wiper and Hermetic Wiper suggests that the attacks were planned months in advance. The code was spotted in targeted computers since at least December 28, 2021. The malware was intended to wipe data off the hard drive and quickly spread across systems. 

Cyberwarfare is mostly intended to hijack the flow of information and disrupt vital services. Since the beginning of the war, Ukraine has not suffered from any major disruptions. Ukrainian internet continues to work, President Vladimir Zelensky continues to dominate the narrative of the war through smartphone dispatches, and the world has mostly banned Russian state-backed news channels. 

Most importantly, unlike the war in Georgia and Crimea, Russia’s information onslaught is not working in Ukraine. Ukrainians are more united than ever in rejecting Russian disinformation. Ukraine’s major media companies have come together on one platform to broadcast one cohesive narrative. Official telegram channels are mostly successful in blocking Russian bots and communicating official government reporting. 

If anything, Russia has become the biggest victim of cyberwarfare, not Ukraine. Russian media companies ​​TASS, Kommersant, Izvestia, Fontanka, Forbes, RBK. and more than 300 government websites were temporarily disabled on February 28, displaying anti-Putin messages. Russian TV channels were hijacked to play Ukrainian songs. Documents from Belarusian weapons manufacturers and Russian Sberbank were leaked

The truth about the war in Ukraine is being disseminated across Russia in every way possible.  Disabled Russian websites displayed the message “Dear citizens. We urge you to stop this madness, do not send your sons and husbands to certain death. Putin is forcing us to lie and is putting us in danger.” On March 7, State TV channels across Russia were hacked to show footage of the war in Ukraine.   

The Ukrainian government has been loudly requesting global assistance in cyberspace. The Ukrainian Minister of Digital Transformation Mykhailo Fedorov called on hackers across the world to join the digital fight against Russia. On February 24, hacker forums across the world began recruiting volunteers with the message “Ukrainian cybercommunity! It's time to get involved in the cyber defense of our country.”

The digital war in Ukraine has turned into a global free-for-all. The independent and state-backed attacks in both Russia and Ukraine will likely create more confusion on the ground. Both organizing and attributing attacks is becoming impossible. While it remains unclear if Russia’s government intends or is able to carry out more devastating cyberattacks, the whole world is watching Ukrainian internet networks. 

Experts from Israel, the United States, and Singapore have all warned that the cyber attacks are just beginning, and that it will inevitably morph into a global problem. James Sullivan of UK's defense and security think tank RUSI notes, “We still have to be very mindful that Russia, with the right strategic objective and the right amount of resources, would no doubt focus on Western infrastructure if that was going to give it an advantage.”


 

For more information about this topic, see our special coverage Russia invades Ukraine.

 

Start the conversation

Authors, please log in »

Guidelines

  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.

Receive great stories from around the world directly in your inbox.

Sign up to receive the best of Global Voices!

Submitted addresses will be confirmed by email, and used only to keep you up to date about Global Voices and our mission. See our Privacy Policy for details.

Newsletter powered by Mailchimp (Privacy Policy and Terms).

* = required field
Email Frequency



No thanks, show me the site