War in Ukraine: more discreet, but destructive cyberattacks

Since the start of the invasion in February 2022, Russia has not carried out the large-scale cyberattacks that were expected. The use of sophisticated and destructive malware, on the other hand, has been intensive.

On February 24, 2022, the Russian Federation launched the invasion of its Ukrainian neighbor. At that time, many media outlets highlighted the risk of large-scale cyberattacks intended to destabilize the country.

A little over a year ago, we saw that this dreaded cyber warfare had ultimately not materialized. Where do things stand in the spring of 2023? Analyses by various experts have shown that the feared large-scale sabotage of sensitive infrastructure has not occurred.

Cyberattacks have been much more discreet, but sometimes just as destructive. In short, the Russians did not use Big Bertha[1] but rather small, sophisticated cyber weapons that are difficult to spot.

Admittedly, the Russians have carried out some classic cyberattacks of the DDoS[2] type, which aim to paralyze the computer network of a Ukrainian bank or an administration by flooding it with requests sent by millions of computers controlled by hackers without their owners' knowledge.

Destructive viruses

In reality, the invasion of Ukraine began long before February 24, 2022. Many intelligence operations had been carried out several months before. Kremlin-backed hackers, for example, targeted communications between soldiers and their commanders and probed energy systems to see which were online and connected to the network.

But above all, the Russians had already carried out operations to “probe” the level of resistance of Ukrainian computer networks as early as 2015 (BlackEnergy malware) and the following year with the Industroyer virus.

Another finding of this assessment: the war in Ukraine has above all been the favored terrain of wipers, a class of destructive malware. TAG (Threat Analysis Group, cybersecurity experts from Google) found more destructive malware attacks in Ukraine in the first four months of 2022 than in the previous eight years combined!

Sometimes used in conjunction with worms to spread throughout the network, wipers are malicious code that erases all data stored on hard drives or renders the drives unusable. Their main objective in the context of cyber warfare is to prevent the enemy from accessing data that is critical or essential to its activities.

As early as February 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) warned of the proliferation of these malicious programs (HermeticWiper, CaddyWiper, WhisperGate, etc.) targeting Ukrainian infrastructure.

Russia has also stepped up its operations in cyberspace, hitting satellite internet provider Viasat, an attack that may have degraded Ukrainian communications in the early hours of the invasion.

Russian hackers targeting the Pentagon

But as on the ground, the Ukrainians have also resisted in cyberspace. With the support of American intelligence, and in particular the National Security Agency, they repelled a cyberattack by the Russian group Sandworm which would have paralyzed an electricity network serving around 2 million people.

Ukraine is not the only target of Russian hackers. According to a report by Unit 42 of Palo Alto, an American company specializing in cybersecurity, a group of about ten hackers, called “Trident Ursa”, tried to infiltrate an oil refining company in a NATO member state at the end of August 2022.

First identified in the mid-1990s, this Russia-linked group often attempts to infect computer networks by hiding malware on USB drives. Among its targets: the NSA and the Pentagon in… 1996.


[1] In reference to the very large artillery piece used by the German army during the First World War.

[2] Distributed Denial of Service
