From Ukraine to Across Europe: Cyber Conflict Reaches a Tipping Point

Thales:

news-body-cta">This press release includes multimedia. See the full statement here:

(Photo: Thales)

Eastern and Northern Europe on the Frontlines of Cyber Conflict

The attack has taken over a new geographic area in the last twelve months. At the very beginning of the conflict, the majority of incidents only affected Ukraine (50.4% in Q1 2022 versus 28.6% in Q3), however European Union countries saw a sharp increase in conflict-related incidents in the last six months (9.8% against 46.5% of worldwide attacks).

In the European summer of 2022, the number of conflict-related incidents in EU countries was almost the same as in Ukraine (85 against 86). In the first quarter of 2023, the vast majority of incidents (80.9%) took place within the European Union.

Candidates for European integration, such as Montenegro and Moldova, were the main targets (0.7% of attacks in the first quarter of 2022 against 2.7% at the end of 2022), while Poland is experiencing constant harassment, with a record number of 114 conflict-related incidents over the past year. War hackers specifically targeted the Baltics (157 incidents in Estonia, Latvia and Lithuania) and Nordics (95 incidents in Sweden, Norway, Denmark and Finland). Germany saw 58 incidents last year, but other European countries were relatively spared, such as France (14 attacks), UK (18 attacks), Italy (14 attacks) and Spain (4 attacks).

“In the third quarter of 2022, Europe was dragged into high-intensity hybrid cyber warfare at a conflict tipping point, with a massive wave of DDoS attacks, particularly in Nordic and Baltic countries and Eastern Europe. Cyberspace is now a crucial weapon in the arsenal of new instruments of warfare, along with disinformation, manipulation of public opinion, economic warfare, sabotage, and guerrilla warfare. With the conflict lateralizing from Ukraine to the rest of Europe, Western Europe must be wary of potential attacks on critical infrastructure in the short term if the conflict continues to accelerate,” he said. Pierre-Yves Jolivet, Vice President of Cyber Solutions at Thales.

From war hacktivists to cyber harassment

Of all the cyber-attacks reported worldwide since the beginning of the conflict, 61% were committed by pro-Russian hacking groups and, in particular, by Anonymous Russia, KillNet and Russian hacking teams, which have emerged since the beginning of the conflict to mirror the efforts of Ukrainian IT army hackers at the beginning of the war.

These new groups are more structured and use types of resources preferred by organized cybercrime groups, including ‘botnet-as-a-service’ resources² such as the Passion Botnet, which seeks to cyber-harass Western countries that support Ukraine.

These civilian and independent hacker groups have emerged as a new component of the conflict. They can be absorbed into a cybercrime group with specific political goals and interests, acting out of conviction not yet directly sponsored by any government. The backgrounds, technical skills and training of the members of such groups are widely varied.

Q3 2022 marked a transition to a wave of DDoS attacks, in contrast to Q1 2022 which saw a range of different types of attacks, split similarly between data leakage and theft, DDoS attacks, espionage, influence campaigns, intrusion, ransomware attacks, phishing, wiper and infostealer³.

Since then, cyber attackers have preferred DDoS attacks (75%) against businesses and governments. This systematic harassment generally has a low operational impact, but it maintains a climate of anxiety among security teams and decision makers. Its purpose is not to have a significant operational impact, but to harass targets and discourage them from supporting Ukraine.

On the other end of the spectrum, wiper attacks can destroy an adversary’s systems, and long-term espionage can weaken the integrity of an adversary’s security apparatus. However, such techniques take much longer to prepare and require more resources. Destructive cyber-military operations, together with espionage, account for only 2% of the total number of incidents and are mainly targeted at organizations in the Ukrainian public sector.

Russian authorities regularly use cyberspace to harass their adversaries without engaging in direct confrontation.

Acts of cyber warfare are still taking place in Ukraine, as seen in the ATK256 (UAC-0056) attack against various Ukrainian public entities on the anniversary of the conflict (February 23, 2023), however, they are drowned out in the eyes of Westerners by constant cyber harassment.

Thales Contribution to Critical Infrastructure Protection

Thales provides cybersecurity solutions for nine of the top 10 Internet giants, as well as helping to protect the information systems of more than 130 government agencies and critical service providers. With more than 3,500 cybersecurity experts, the company provides governments and critical infrastructure operators with integrated incident detection and response solutions, including cyber threat intelligence, detection probes, security operation centers and encryption systems to prevent breaches. of data. Organized around three families of products and services (sovereignty products, data protection platforms and cybersecurity services), the Group’s cyber solutions portfolio generated a combined total of more than €1.5 billion in sales in 2022 .

Download the report

About to Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies, investing in digital innovations and complex technologies – connectivity, big data, artificial intelligence, cybersecurity and quantum computing – for the development of society and building a better future. The Group provides solutions for companies, organizations and governments in the areas of defence, aeronautics, aerospace and digital identity and security. They are services and products that help them fulfill their mission, considering the role of people as the driving force behind all decisions. Thales has over 77,000 employees in 68 countries. In 2022 the Group generated sales of €17.6 billion.

More information:

Cyber Security Solutions | Thales Group

Map of occurrences of cyber threats (thalesgroup.com)

¹A distributed denial-of-service (DDoS) attack aims to make one or more services unavailable, either by exploiting a software or hardware vulnerability or by saturating a network’s bandwidth to deny access to users.

² Selling or renting a proxy network to other malicious actors for use in launching cyber attacks.

³ Phishing is an attempt to lure the user into disclosing information. Wiper is a type of malware used to delete data from an infected system. Infostealer is a type of spyware used to gather information from a system.

The original language text of this announcement is the official authorized version. Translations are provided as a convenience only and must refer to the original language text, which is the only version of the text that is legally binding.