Way before Russian tanks invaded Ukraine, a vicious attack of a different sort was unleashed. In mid-January, a massive cyberattack hit Ukrainian servers, likely originating from Russian hackers.
‘Ukrainians … be afraid and expect worse’, the attack read.
Disturbingly, this may have been dismissed as “business as usual” — after all, Russia has been waging cyberattacks against the world for over a decade, actively trying to influence elections, hacking newspapers and TV channels, and obtaining data. But this time, it was different. This time, the cyberattack prefaced a military invasion.
It wasn’t just Kremlin-backed hackers that attacked Ukraine. Some self-proclaimed “patriotic” Russian hackers, with “respectable” daytime jobs, also participated in cyberattacks.
“Considering everyone is attacking Ukraine servers. I am thinking we should cause some disruption too?” one such hacker posted on social media, as quoted by the BBC.
In this case, the anonymous Russian hacker (and his team of six companions) temporarily brought down Ukrainian government websites through a rudimentary but effective attack called distributed denial of service (DDoS).
But there were also more sophisticated attacks, presumably orchestrated by organized, Russia-backed hackers. Just days before the military invasion began, on 23 February, numerous Ukrainian government websites and financial services were hit with another wave of DDoS attacks. But in addition to the DDoS attacks, a new piece of malware was also discovered.
According to cyber-security experts at ESET and Symantec, this second form of attack installed a “wiper” on infected computers, deleting all data on the machines.
“ESET researchers have announced the discovery of a new data wiper malware used in Ukraine, which they have named HermeticWiper,” a spokesman said. “ESET telemetry shows that the malware was installed on hundreds of machines in the country.”
In parallel to all these attacks, a disinformation campaign was also waged against Ukraine. Meta (Facebook and Instagram’s parent company) discovered and erased a Russian disinformation network — but many more remain, leaving tech giants faced with a game of whack-a-mole.
Ukraine (and Anonymous) strike back
Just like the Russian military has way more firepower than the Ukrainian one, the difference in the two countries’ cyber-power is also substantial. In retaliation for these cyber-attacks, Ukraine issued a desperate call for volunteer hackers to join the fight.
“We have a lot of talented Ukrainians in the digital sphere: developers, cyber specialists, designers, copywriters, marketers,” Mykhailo Fedorov, Ukraine’s First Vice Prime Minister and Minister of Digital Transformation, announced in a post on his official Telegram channel. “We continue to fight on the cyber front.”
His call was heard.
The volunteer IT Army was assigned to a Telegram channel, and 175,000 people have subscribed. Of course, not all of these are hackers. The vast majority are just people with internet access who want to help. They are doing things like reporting Russian propaganda channels on YouTube, Facebook, or Twitter. The more savvy users are asked to perform their own DDoS attacks on the websites of Russian ministries and key companies like Gazprom.
The development of such a volunteer unit is unprecedented in history — but we are pretty much living in unprecedented times, and for a country faced with an existential threat, as Ukraine is, it’s unsurprising that they try to muster every bit of help they can.
Some international hackers have also joined the cyber-fight, most notably the decentralized hacktivist collective Anonymous.
Anonymous started with more DDoS attacks on Russian propaganda channels and government websites. At some point, all of the state-controlled Russian banks had their websites shut down. But they soon moved on to other things.
Russian TV channels were hijacked to play Ukrainian music.
“Ukrainian music is playing on Russian TV channels. It is believed that this is the work of hackers from Anonymous, who continue to hack Russian services and websites,” Fedorov said.
In addition, Anonymous has leaked vast amounts of emails from a large Belarusian weapons company that worked with Russia on the invasion. The group also leaked a massive database of the Russian Ministry of Defense. “We are also undergoing operations to best support Ukrainians online,” Anonymous said.
The shadow war
The worst may still be coming for Ukraine, as Russia has intensified its bombing of cities — including the use of cluster bombs and the bombing of civilian centers. The country may be headed for a long, dreadful, guerilla war. Behind this war, in the shadows, the cyber-war will also likely descend into lengthy guerilla skirmishes.
It’s still too early to tell how impactful all this will be, and it’s still unclear just how important the data leaked from Russia and Belarus is (most of it is in Russian and is extensive, which means it will take a long time to analyze). But if there’s one thing this is doing, it’s generating more publicity for Ukraine’s cause: internationally, but especially back in Russia, where Putin has a strong grip on what information goes through and the truth is often censored.