Russia and Ukraine – The Ripple Effect From Physical to Cyber and the Global Influence!

Published 26 January 2022

Boots on the ground may know where a border stops and starts, but as we all know there are no borders in cyberspace.

Over the past few weeks Russia has sent more than 100,000 troops to the border between Russia and Ukraine. Tensions are building, bringing with them the fear of a war unlike anything that Europe has seen in decades. Although not a single physical shot has been fired, numerous digital events targeting the area have been linked to Russia.

In the last few weeks dozens of Ukrainian government websites were defaced. Nothing major technically speaking, but it achieved attention globally – or was it just that? It’s more likely that some form of malware was introduced. Researchers at Microsoft identified this destructive malware.

What is not clear is how contained this discovered malware is. Is the Ukrainian Government strong enough to keep the malware within its borders, or will the hacking offensives, thought to be led by Russia, spread beyond their initially intended target and threaten the rest of Europe and further?

Warnings

In mid-January the US Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure operators to take “urgent, near-term steps” against cyber threats. This suggested that the recent attacks against Ukraine were a reason to be on alert for possible threats to US assets.

We have seen this process play out previously, in 2017, with NotPetya and WannaCry. Both were Russian malware that spread uncontrollably from their initial targets via the internet, impacting the globe and costing billions.

Russian Testing

Ukraine has been the testing ground for Russian cyber operations for at least the past decade and has seen invasions and military intervention since 2014.

In 2015 and 2016 Russia authorised cyber-attacks on Ukraine’s national power grid. There is an honest fear among the energy companies that Russia will again authorise similar attacks against Ukrainian power supplies, and that these are likely to spill over.

This is not an unfounded fear. NotPetya left shipping ports, numerous multinational corporations and government agencies unable to function. The result was that almost anyone who did business with Ukraine was affected.

It is highly likely that we will see cyber operations from Russia, its military and its cyber agencies. These teams are behind many of the most aggressive hacks of all time, both inside and outside of Ukraine: attacks against the Ukrainian power grid, NotPetya, interference in US and French elections, and the Olympic opening ceremony in the wake of the Russian athlete doping and exclusion from 2019 Tokyo Olympics.

Previous History

Russia has a long history of targeting critical infrastructure. They have been identified numerous times, but it is highly likely that well-hidden traces of, and as yet undiscovered, malware may be in sleeper mode until activated.

No one outside of the inner workings of Russia’s cyber defence strategy truly understands what their next steps will be. It is predicted that Russia will physically invade Ukraine. Russia has demonstrated repeatedly that they have a large and varied toolbox, which they will use for everything from disinformation campaigns, intended to destabilise or divide adversaries, to, in the same vein, some of the most complex and aggressive cyber campaigns in the world.

What we do know is Russia is calculated, powerful and political. They will use every trick in the book to ensure that they are able to meet their objective.

Bridewell's Cyber Threat Intelligence service is able to understand the motivations of threat groups and develop advice to help understand attacks and build preventative strategies. The team is able to take a wider look at how the geo-political landscape interacts with the cyber landscape, giving the best understanding of the threat landscape. Get in touch if you have any concerns or want to learn more.

Author

Anthony Gilbert

Cyber Threat Intelligence Lead