All you need to know about the modern cyber warfare witnessed across the ongoing Russo-Ukrainian War...
As tens of thousands of Ukrainians experience the gravest onslaught since the beginning of the Russian military invasion, the entire world may soon witness unprecedented outbursts of cyber warfare flaring across both nations, or perhaps it is already quietly underway.
Ever since the war broke out against Ukraine following the open declaration made by Russian president Vladimir Putin, explosions, gunfire and airstrikes have been evident across the Slavic region. Secure Blink has been thoroughly monitoring the mobilization across the cyberspace of both nations amid this ongoing war. Ukraine had already encountered numerous cybersecurity disruptions even before the Russian invasion, indirectly linked to state-sponsored threat actors.
However, the actual wave of cyberattacks emerged soon after several websites of Ukraine's government departments and banks crashed due to an alarming DDoS attack, which especially targeted the online services of the Ukrainian military and state-owned bank websites. According to the Security Service of Ukraine (SSU), this chain of DDoS attacks was intended to unsettle the Ukrainian public by spreading anxiety and undermining their confidence in defending their homeland.
Over the past two weeks, the Ukrainian Computer Emergency Response Team has repeatedly warned of incoming cyberattacks targeting Ukrainian authorities, coordinated by the Gamaredon threat group (previously linked to Russia's Federal Security Service (FSB) by the Ukrainian security and secret services).
Even before that, the Russian government was accused of targeting over 70 government websites of Ukraine that went temporarily down in the then-largest cyber attack in four years. The authorities had highlighted a message that appeared right before the sites went offline, warning Ukrainians to "prepare for the worst," a direct indication of potential hybrid warfare hitting Ukraine.
Most of the compromised sites were restored within hours. There has been no official statement from Russia in response to this intrusion; however, Russian media houses were the first to report it on air, even before Ukrainian outlets.
### Western countries are possible targets of Russia's next cyberattack
Following this incident, a series of cyber intrusions has continued on both sides alongside the retaliation on the ground. This devastating onslaught has raised the threat of a wider digital conflict, leaving most Western governments on high alert for cyber threats from Russia.
Cybersecurity divisions of various countries have been releasing security advisories urging high vigilance against any potential intrusion. Among them, the Cybersecurity and Infrastructure Security Agency (CISA) has notified businesses providing services to US armed forces to watch for a spike in the number of attempts to break into their critical infrastructure systems.
On 22nd February, the UK's National Cyber Security Centre released a similar warning, urging organizations to assess their cybersecurity posture and put the necessary cyber defenses in place to be prepared for any upcoming cyberattack. The same goes for New Zealand and Australia, which also issued general security advisories to strengthen cybersecurity preparedness.
### Threat actors take sides according to their association with Russia & Ukraine
Although the ongoing attacks appeared to be one-sided against Ukraine, the infamous hacking collective Anonymous took credit not only for exposing the database of the Russian Ministry of Defence on Twitter in support of Ukraine but also for carrying out nearly 300+ data breaches hitting various Russian financial and government entities, including SberBank. They have even claimed to have brought down the website of Russia's popular RT news, one of the most prominent websites used to spread Kremlin propaganda, in direct response to the Kremlin's lethal invasion. Currently, Anonymous is preparing to take this cyber warfare to the next level in response to the Russian government activating its nuclear deterrence.
As Russian strikes continued to intensify following the takedown of Kyiv, the underground hacker community became even more involved, expressing its stance in the conflict by choosing sides between Ukraine and Russia and issuing bans and threats against supporters of the opposite side.
Conti ransomware operators expressed their “full support of the Russian government,” threatening to answer any cyberattack attempts against Russia by leveraging all their resources “to strike back at the critical infrastructures of an enemy.”
Later on, the operators rephrased the same message, stating that they "do not ally with any government and we condemn the ongoing war" but will respond to Western cyber aggression against Russian critical infrastructure.
Meanwhile, in a boost for the Ukrainian side, over 60,000 internal messages belonging to the Conti ransomware operation, which also merged with TrickBot in the recent past, were reportedly leaked by a Ukrainian security researcher. These messages were later validated by Vitali Kremez, who stated that they were extracted from a log server for the Jabber communication system used by the ransomware gang.
The RedBanditsRU cybercrime group and CoomingProject, another lesser-known ransomware group, also proclaimed their full support for the Russian government in case of any cyberattacks targeting the country.
While some ransomware operators have already sided with Russia, others, like LockBit, are staying neutral.
### Ukraine calls for support from underground hacker community against threat to their critical infrastructure
Ukraine's government is also urging its underground hacker groups to actively take part in this war by defending its critical infrastructure against coordinated cyberespionage operations originating from Russia.
According to Reuters, the Defense Ministry of Ukraine called on the cyber community to enroll in a mission to defend the country. Additionally, with the situation growing more drastic, the Ukrainian government is also forming a standalone "IT Army" to carry out modern cyberwarfare operations against Russia on the frontline of cyberspace.
"We are creating an IT army," Ukraine's Minister for Digital Transformation Mykhaylo Fedorov said Friday. "We need digital talents."
A Telegram channel with more than 195,000 members was recently set up to coordinate the IT Army's operations, calling on members to "use any vectors of cyber and DDoS attacks" on the websites of Russian and Belarusian business corporations, banks, and government entities, as well as media websites and YouTube channels that "openly lie about the war in Ukraine."
### Russian Ombudsman website got hacked & exposed online
As the Russo-Ukrainian War goes on with little recourse in the latest developments, hackers supporting Ukraine have breached the Russian Ombudsman's website and leaked stolen documents and images in a coordinated attempt to escalate their protest and encourage Russian citizens to join it.
“There is a war going on in Ukraine. Hundreds of Ukrainians die every day. Hundreds of Russians die every day. Ukrainians are dying for their land, for their homeland, which was attacked by the aggressor. What are the Russian guys dying for?... The fall of the ruble, hyperinflation, salaries for which nothing can be purchased, and food on cards - this is the reality of the near future…Putting up a ‘No War’ banner is not enough…When there are few people - this is a force to be reckoned with. Take to the streets on anti-war alarms. Order to see the power and hear you. It's up to you to win. The future of your children depends on what you do today. Take action,” read the statement, which appeared in Russian on the Ombudsman website following the hack.
### Consequence of Convenience: Russo-Ukrainian War exhibits Modern Age Warfare
Modern warfare is no longer confined to conventional wars fought with guns, artillery, tanks and missiles, and limited by mechanical resources, terrain and time. Intrusion through virtual space is nearly free of all these constraints. Russia is often accused by cybersecurity researchers of targeting global entities through mostly state-sponsored cyberattack and disinformation campaigns in an effort to disrupt economies and undermine democracy.
Now, experts say Russia could launch more sophisticated forms of cyberattacks, targeting Ukraine and possibly other countries, too.
“The question now is, is this the contingency that they have been preparing for? Is this the threshold that they’ve been waiting for to start carrying out disruptions? We’re obviously concerned that this could be it.”