Ukraine: a Cyber War Story
The massive cyberattack preceding the Russian invasion of Ukraine on February 24th, 2022, highlighted the importance of cyberwarfare in modern conflicts. In addition to their infantry and armored divisions both sides deployed cyber-combatant units. These units are in charge of both defending their respective cyberspaces, and leading attacks into the enemy’s. Meanwhile, hackers have decided, in Ukraine as in Russia, to lend their respective nations a hand. In Ukraine, several thousands of them answered the call to arms. We met with one of them, Mykhailo Koltsov.
Mykhailo Koltsov, who has a background in philosophy, is 39 years old and works in Kiev as a cybersecurity consultant for the World Bank. In particular, his job is to protect NGOs and public sites and services from cyberattacks. When the invasion began on February 24th, he decided to take action, despite the difficulty in leading complex and effective operations alone. This is why he operates within a cyber-combatant collective. “The distribution of tasks allows us to perform better ”. Mykhailo’s group is made up of nine hackers. They are Russian objectors, Ukrainians, and foreign nationals. They do not really know each other. “Most of us never meet. We know each other’s usernames, we know how to work together, but anonymity is key.” With their help he organizes cyberattacks against Russia. Their motivation is ideological. However, these cyber-combatants remain very clear-headed about the reality of their actions. They are aware the Ukrainian government allows their operations due to the state of war, and they fear it might turn against them after the war and consider them criminals. But the circumstances of cyberwarfare have made them reconsider their judgment in regard to their independence from the government: “We are independent. When the war started we agreed to not work for state services. Working for the government is always a problem. But we also understood that we could not be completely independent from their activities, so we contacted the authorities and now we act under their supervision.” By coordinating with authorities and Ukrainian armed forces, the collective increased its offensive capability and field of action tenfold.
Carefully picked targets
The profiles of these cyber-combatants are varied. Mykhailo separates them into two categories. The first is made up of activists who have relatively limited computer skills. They are mostly tasked with creating instability on Russian servers with DDoS attacks. According to him, these tactics are not very effective. “The ‘public’ groups are juniors. In Ukrainian we call them ‘chaynyky’, teapots. They use media coverage to talk about hacks that worked, but from a technical standpoint, they are weak.” Mykhailo says he belongs to the second category. “The second category has more sophisticated objectives, long term projects, a selection of targets. We try to hit specific areas. But it’s great to have this kind of enthusiasm, even from students! Some students join us as juniors and carry out small tasks. Therefore there are different targets, different mindsets, and different levels of complexity in our work.” The group mainly uses OSINT techniques to define its targets and strategies. However, in some cases, they have to research personal data to try and find information on weapons, sensitive or high-profile individuals, and networks that aid the Russian government. Mykhailo also emphasized that offensive and defensive operations in cyberspace are set up in a similar fashion to those on a physical battlefield. As a cyber-combatant, his mission is to target digital services. He believes that a direct attack on, for example, a presidential or government website would not be very useful. Strategic targets are critical infrastructure such as postal services, utilities or the banking sector, which is particularly vulnerable. A number of businesses, private and public, rely on the digital space for daily operations. To deny them this instrument is to paralyze them. As for the Russians, “most of them follow the same reasoning as our teams. They choose infrastructure, such as railway lines and train stations. They try to disconnect our power grid, but fortunately we are protected in this area. Therefore they mainly attack public infrastructure.”
According to the expert, the most significant cyberattack orchestrated by the Kremlin was the one that took place on February 23rd. That day, Russian cyber forces launched a large-scale operation targeting Ukraine’s infrastructure, government bodies and banking system. However, Russian cyber activity has today been weakened. According to him, improvements in Ukraine’s cyber defense, as well as international sanctions, played an important part in this. States have tightened controls over their servers so that Russian hackers have to go through Western infrastructure to hit the United States or Europe. On March 21st, US President Joe Biden urged American business owners to strengthen their cyber defenses.
He highlighted that Russia’s use of its full cyber capability constitutes a risk in Ukraine and abroad. However, another major factor must also be taken into account. The structure itself of Russian cyberspace is a hindrance to the offensive capacities of the army and pro-Moscow hackers. For reasons of sovereignty, Russia has always strived to be as independent as possible from the world wide web. It therefore developed its own servers and infrastructure. But this organization of Russian internet has allowed Moscow to better defend itself from external cyberattacks, which complicates things for Ukrainians. Even though Mykhailo recognizes Russian cyber capability, he maintains that Ukrainians are some of the best hackers in the world, and authorities in Kiev have made good use of them. In response to the 23rd of February, the Ukrainian government created the “IT Army of Ukraine” on February 26th. This cyberorganization’s mission is to counter foreign incursions into the Ukrainian cyberspace and combat informational propaganda. Thousands of people answered the call. Kiev has enjoyed major success in its online battles. Ukrainian hackers targeted Rutube’s website as well as Russian civil aviation systems. Although discretion is a must in this environment, Mykhailo admits, not without pride, that he and his group took part in these attacks. And operations are ongoing. Early July, the IT Army launched a large-scale attack on hundreds of Russian websites, among which the Roscosmos space agency’s. Mykhailo remains optimistic about the future in regard to cyberspace. According to him, Ukrainian forces have very competent human resources. But material help from the West, such as specific software and routers, could make a real difference in this cyber war.
 Interview granted to inCyber in April, 2022.
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Operational security
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty
- Digital transition