Kyiv and Moscow both use cybertechnology to attack each other’s military and civilian capabilities. After one year of war, both sides have developed specific doctrines and infrastructures for using the Internet and cyber weapons.
The Economic Security Council of Ukraine published a 48-page study entitled, “Cyber, artillery and propaganda“. This document shows that the conflict in Ukraine is the world’s first widescale cyberwar. Russia’s operating methods are methodically analysed.
These analyses reveal many trends in how the Russians wield cybertechnology as a weapon. According to the report, systematic cyberattacks targeting government offices, media and communications organisations, the energy sector and essential infrastructure are some tactics the Russians have used successfully. Their goal is to weaken Ukraine’s civilian population before launching a conventional widescale invasion.
These attacks are usually coordinated by the Russian state and are carried out by ideologically motivated hacktivists, criminal groups attracted by profit and conventional Russian military units in the army, special services and private companies.
The Russian army launched a broad wave of cyberattacks in February 2022, including the hacking of a Viasat satellite network that paralysed the military communications of Ukrainian forces stationed near the Belorussian border. But with their previous experience, such as that gained in 2008 in Georgia, the Russian armed forces have refined various doctrines on using cyber weapons, some of which combine hacking with other, more traditional operating methods.
The Kremlin’s cyberattacks are often coordinated with other strikes, such as traditional attacks on the battlefield and psychological, information and propaganda campaigns. One example of such interoperability is the wave of attacks that targeted Ukrainian energy infrastructure in the autumn and winter of 2022. After launching a series of cyberattacks, Russia bombarded Ukrainian infrastructure with a barrage of missiles.
Meanwhile, it waged a propaganda campaign to pin the blame for energy shortages and power cuts on Ukrainian companies and government. It also destroyed Ukrainian data centres in Kharkiv, forcing Ukraine to rely on infrastructure located outside the country. However, despite its innovations in using cybertechnology as a weapon, it seems that the Russian bear is nevertheless losing the cyber war.
In the face of Russian cyberattacks, Ukraine’s armed forces must protect their infrastructure, networks and communication resources.
“We are confronted with dozens of cyberattacks each day. This shows that they possess a lot of resources and that they are always looking for new opportunities,” Victor Zohra, deputy chief of Ukraine’s State Service of Special Communications and Information Protection, said in the Wall Street Journal.
Russian cyber-combatants’ strategy is to constantly seek out vulnerabilities and gain a foothold in the networks, exfiltrate data, disrupt government services, and damage news and telecommunications infrastructures. This opportunistic strategy is revelatory of the limits of Russia’s doctrines and capabilities.
Ukraine has shown it is resilient and can adapt to this strategy. Ukraine’s cyber-forces rely on three categories of combatants. The first revolves around the “IT Army” and highly skilled, volunteer hackers. They are supported by all government institutions as well as intelligence from foreign partners. They are also backed by specialists from other countries, especially the United States.
Ukraine’s IT Army counts tens of thousands of soldiers. This army is comprised of volunteer hackers from Ukraine and other countries. They collaborate with civil servants from the Ukrainian Ministry of Defence to target Russian websites and infrastructure. The second category is made up of volunteer hackers organised into “cyber squads”.
They have fewer resources than the first group, but they have excellent technical skills. Mikhail Kolstov, a Ukrainian hacker and a member of one of these cyber squads, says that “this new organisation without a central command is very effective.“ The Russians can’t take us all out at once“. For the best results, some of these squads coordinate and communicate heavily with other. Mikhail Kolstov stresses that “this new organisation is getting better results than at the start of the conflict“.
In particular, he mentions the hacking of the Ukrainian “Cyber Resistance” squad. The group hacked into the email of Lieutenant Colonel Sergey Aleksandrovich Morgachev, an officer in the GRU, the main intelligence wing of the Russian military’s general staff. He is also the head of the Russian hacker group APT28 made up of officers from the GRU’s 85th special services centre. These officers belong to military unit no. 26165, in charge of cyber operations.
These squads have had a significant impact on Russian infrastructure and capabilities. The last category of pro-Ukraine hackers is comprised of volunteers with limited capabilities. These hackers use relatively unsophisticated techniques, such as DDoS attacks. New Russian targets for these hackers are listed in a Telegram channel.
The Kremlin has had to allocate additional resources and staff to combat these all-out offensives, however minor they may be. After more than one year of war, the facts are there. Ukraine’s armed forces, with support from foreign governments and volunteer hackers, have been able to adapt and become resilient to the cyberattacks launched by the Kremlin and its partners.