Updated: Feb 24
There is growing evidence of hacking campaigns linked directly and indirectly to Russia’s war in Ukraine, with the stories shedding more light on an opaque element of the invasion: cyberwarfare. Experts predicted that Russia would launch significant cyber-attacks in Ukraine, shutting down the country’s electrical grid, for example. In the hours before Russian troops invaded, Ukraine was hit by never-before-seen malware designed to wipe data, an attack the Ukrainian government said was “on a completely different level” from previous attacks.
Reports of smaller forays are also beginning to emerge. Google said it had uncovered widespread phishing attacks targeting Ukrainian officials and the Polish military. Security outfit Resecurity also shared evidence of a coordinated hacking campaign targeting US firms that supply natural gas (a commodity that has become critical as Western sanctions hit Russian energy exports). In both cases, the attacks could be linked to groups associated with Russia and its allies.
Google’s Threat Analysis Group (TAG) said the phishing campaign targeted users of UkrNet, a Ukrainian media company, as well as Polish and Ukrainian government and military organizations. These attacks were carried out by groups including Belarusian outfit Ghostwriter and Russian threat actor Fancy Bear. The latter group is associated with Russian military intelligence agency GRU and was allegedly responsible for the 2016 Democratic email hacks.
TAG has said that over the past two weeks it has observed activity from a range of threat actors that it regularly monitors, including Fancy Bear and Ghostwriter. The activity ranges from espionage to phishing campaigns. We believe that the cyberwarfare waged by bad actors, which include entire nations, will encourage robust AI cyber-defence spending for years to come.