
Cyber espionage is key to Russia’s invasion of Ukraine. The international community is fighting back

A photo shows a fragment of a screen at the Ukrainian Security Service headquarters in Kiev on March 6, 2019 during the joint EU-Ukraine cyber security drills - Copyright SERGEI SUPINSKY/AFP or licensors
By Pascale Davies

Russia’s war on Ukraine is being fought not only with bombs but with bytes as cyber warfare plays an increasingly major role in the invasion.

Rather than boots being sent on the ground, international aid is coming in the shape of cyber support.

It was feared that Russian cyberattacks would involve the takeover and shutting down of crucial services such as Ukraine’s electrical grid or communications services.

While that has not quite happened, experts say cyberattacks are being used for espionage - and not just in Ukraine.

"Russia is an absolutely capable world-class cyber operator. It's among one of the best. So it's not for lack of capability," said Matthew Olney, director of Talos Threat Intelligence and Interdiction at the US company Cisco.

The company has been working with three government agencies in Ukraine on cybersecurity for the past six years.

"We believe Russia has underestimated Ukraine across the board. They underestimate the military, they underestimated the people's will to fight, they underestimated the cyber defences to some extent," he told Euronews Next.

"Russia does not see Ukraine as a threat so much as a problem to be solved. And so when they're looking at how do I allocate these resources, these cyber operation resources, we believe that it's likely that they're using those resources for espionage purposes to try to understand the world's response to Russia invading Ukraine".

Government cyber hack attacks

Google has said it has uncovered widespread phishing attacks that have targeted Ukrainian officials and the Polish military.

Its Threat Analysis Group (TAG) said the phishing campaign targeted users of the Ukrainian media company UkrNet and Polish and Ukrainian government and military organisations.

Google’s Shane Huntley said in a blog post that over the past few weeks, TAG has observed activity from a range of threat actors, including Belarusian outfit Ghostwriter and Russian Fancy Bear.

"This activity ranges from espionage to phishing campaigns. We’re sharing this information to help raise awareness among the security community and high-risk users," he wrote.

Olney said Russia may be trying to get access to information about the decision-making process governments are going through in terms of what sanctions to apply, understanding how cohesively governments are working together, and what divisions there are that might be able to be used as leverage in future negotiations.

As well as ongoing cyberespionage, Olney said there have also been occasional wiper attacks, which wipe the hard drive of a computer and delete data.

But these cyber hacks happened long before Russia’s army invaded Ukraine. Cisco’s investigation in January found that 80 government websites had been defaced.

"When we were doing our forensic analysis, we saw evidence that Russia had access [to Ukrainian government sites] for a number of months prior to the execution of that attack," said Olney.

"Russia has been building up troops on the border for many months prior to the invasion. And with them kind of going in that direction, we would anticipate a state-sponsored intelligence agency taking time to gain that initial access so that when they were told to do something later, they could execute that attack".

Data gathered through espionage can not only help Russia’s military position itself but also add to the arguments Russia uses to justify its invasion of Ukraine.

"Ukraine has never been a threat to Russia in that sense. And so they have utilised their assets to understand how the rest of the world is thinking, what they're planning to do jointly, how they might be pulled apart," said Olney.

"You'll see repeatedly, like different things kind of come out, such as ‘the biological warfare programme or they are building a dirty bomb’ or all these different kind of justifications.

"Part of this will be informed by what they learn in their espionage activities. And so all of that kind of is part and parcel together, and I think they're concentrating again on that larger threat, which is the rest of the world".

Cyber armies

Cisco, with its Talos branch, is one of the Western companies helping Ukraine combat cyberattacks, and hundreds of its volunteers are putting in overtime on that effort.

"We're thankful to have a productive outlet for the feelings of frustration and loss that we have," Olney said, adding that he and his team have been working in Ukraine for many years and have made friends there who have "welcomed them into their homes".

Other countries have also come to Ukraine’s defence to support it in its cyber security.

After Ukraine called for help to manage the latest cyberattacks that began this year, a newly-formed team of eight to 12 experts from EU countries committed to defending Ukraine.

Known as the cyber rapid response team (CRRT), experts from countries including Croatia, Romania, Estonia, Poland, Lithuania and the Netherlands said they would aid Ukraine remotely and on-site in the country.

Meanwhile, volunteer hackers are also defending Ukraine in a so-called "IT Army," which was set up by Ukrainian digital minister Mykhailo Fedorov. The group can be accessed through the messaging app Telegram, and it has a list of potential targets in Russia for hackers.

"Clearly, the humanitarian part is the key to this. So, where technology enables better outcomes, we want to see that in play and where technology enables worse outcomes, that's the cyber security piece that we're concerned about," said Olney.