On Thursday, it was revealed that Ukraine’s “IT Army” was responsible for hacking Russia’s Leonardo airline booking system, causing disruptions at the country’s largest airports.
“If Ukrainian airports cannot work because of the war, why should Russian ones?” Ukraine’s Minister of Digital Transformations asked in a Telegram post.
Even as military analysts, many of whom expected Ukraine to fall within days of Russia’s full-scale invasion, have been shocked by how well Ukraine has managed to defend itself and even go on the attack on land and sea, there’s another area where Ukrainians have held their own – cyber warfare.
While Russia continues to use its cyber capabilities to support its full-scale invasion of Ukraine, it hasn’t had big wins, Viktor Zhora, the deputy head of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), said.
“They (the Ukrainians) have mounted an impressive defense against Russian aggression in cyberspace, just as they have done on the physical battlefield,” Lindy Cameron, Chief Executive Officer of the National Cyber Security Centre (NCSC) in the UK, said.
But, Cameron warned, “the threat remains real.”
The threat
Russian military hackers have of late been trying to gain access to Ukrainians’ Android phones, Zhora told Kyiv Post in an exclusive interview.
The hackers are particularly focused on gaining access to the phones of people serving in the Ukrainian military.
One Russian hacker group, called “Sandworm,” which has ties with the GRU (the successor to the KGB), has been using malicious software called “Infamous Chisel” to hack Android applications and get constant access to phone data – including location information, British Defence Intelligence reported.
Zhora said that Ukrainians, particularly those in the military, should exercise “cyber hygiene.” That is – they should take safety precautions like turning off geolocation services and avoiding Russian networks.
You also shouldn’t save documents or photos of equipment on your devices or discuss work issues on them. And you should limit your use of social networks, Zhora said.
No news is good news
But perhaps the biggest news has been the lack of news about successful large-scale Russian cyber-attacks.
“Even if some of the interventions have some success, they are quickly localized and neutralized,” Zhora said.
On February 26, 2022, two days after Moscow started shooting missiles at Ukrainian cities, Ukraine’s prodigious community of IT professionals created a volunteer IT army.
The volunteers were divided into offensive and defensive cyber units. The offensive volunteer unit helped Ukraine's military conduct digital espionage operations against invading Russian forces.
The defensive unit was employed to defend infrastructure such as power plants and water systems.
And many of the leading experts in the field of cyber defense have come to serve in the SSSCIP, which has had a very positive impact on the country’s cyber defense, Zhora said.
“They not only performed the role of additional hands but also brought new approaches, a new vision of how to improve existing processes and systems, as well as how to create new ones,” Zhora said.
In the first eight months of 2023, more than 1,500 cyber incidents have been registered and investigated.
“The largest number of cyberattacks are against central, local authorities and government organizations – this accounts for more than 370 cyber incidents,” Zhora said.
While Zhora said that one should not underestimate the Russians’ capabilities with cyberattacks, they do not usually achieve their goals, at least not in full.
And this is because Ukrainians have been very flexible. This extends not only to dealing with cyber-attacks on Ukrainian infrastructure but also physical attacks.
In the first days of the full-scale invasion, Russia damaged one of the facilities of the National Center for the Reservation of State Information Resources with a missile strike, Zhora said.
Now, in response to such attacks, mobile data centers have been created that can move around the country and even leave its borders if necessary.
“The key here is that we are not going to give up. No matter what cyberattacks we face, we plan to win,” he said.
Past experience
Just as the potency of Ukraine’s army dramatically scaled up after 2014, when Russia illegally annexed Crimea and backed separatists in Ukraine’s Donbas region – so too has Ukraine’s ability to resist and deliver cyber-attacks.
In 2015, Russia hacked Ukraine’s electricity grid, leaving some 230,000 people in the dark.
Destructive cyber-attacks followed in 2017 – targeting Ukraine’s finance and energy sectors and government services, and leading to knock-on effects on other European partners. Kyiv Metro and Odesa Airport were disrupted by ransomware that encrypted hard drives.
And on Jan. 14, 2022, about 70 Ukrainian government websites including the Ministry of Foreign Affairs, Cabinet of Ministers, and National Security and Defense Council were temporarily defaced by Russian hackers.
The morning after Russia’s January 2022 cyber-attacks, representatives of the UK, the US, and the EU turned to Ukrainian services and offered their help, including in the investigation of cyber incidents, Zhora said.
“We knew the Russians were coming,” said Robert Black, who works with the UK Defence Cyber School in educating senior Ministry of Defence leaders about warfare in the Information Age.
“They (the Ukrainians) made their networks really hard to crack so any obvious vulnerabilities were dealt with and any Russian activity inside those networks was taken care of as best we could before the Russian invasion began,” Black told Kyiv Post.
The partners
Black’s government, the UK, was one of those that supported Ukraine’s cyber defense shortly after Russia’s full-scale invasion.
The UK provided Ukraine with a £6.45 million (about $7.82 million) support package to protect its critical national infrastructure and vital public services from cyber-attacks.
This included providing firewalls to prevent attacks, and protection against destructive malware such as Industroyer2 – which had twice been used to attack Ukraine’s power grid.
Because of constant cyberattacks since the beginning of Russia’s full-scale invasion of Ukraine, most Ukrainian institutions have been moved to other clouds or even abroad, Zhora said.
“We work closely with the EU and NATO countries, exchange experience, information about threats, and learn from them,” Zhora said.
“Companies such as Amazon, Microsoft, Google and Oracle also provided great assistance to Ukraine with cloud infrastructure for temporary data transfer of critical registers,” Zhora said.
Other cyber groups have also joined the fray, such as the hacker group “Anonymous,” which launched ‘cyber operations’ against Russia in retaliation for its invasion.
Websites targeted included RT and other Russian state TV channels. They played Ukrainian music and displayed pro-Ukrainian images.
A yacht allegedly belonging to Putin was reportedly hacked by the group, which changed its call sign to “FCKPTN” and set its target destination to “hell.”