Understandable fears of an unparalleled Russian cyberwar began to grow around the same time Russia began staging its military on its border with Ukraine. Some people pictured a Russian digital assault not just on Ukraine but on all of the West. At least a few people thought the Kremlin might team up with ransomware gangs to punish those who defied the invasion. Others were afraid that conflict between Putin’s hackers and Ukraine might spin out of control and spur a broader cyber melee around the globe. While an all-out Russian digital assault on the long list of countries providing aid to Ukraine has yet to come to pass, hackers, hacktivists, disinformation, and cyber threats are still playing a central role in the crisis.
Social Media becomes a battlefield for disinformation and cyber-espionage
Critics say that Russia has sought to use every media apparatus at its disposal to distribute its messaging and conduct information warfare on Ukraine and the West. Most recently, Facebook’s parent company, Meta, announced that it had booted several groups with ties to the Russian and Belarusian governments off its platforms. The groups had been targeting Ukrainians using a variety of creepy tactics, including attempting to hack the Facebook pages of Ukrainian officials and leveraging networks of fake accounts to spread disinformation and false narratives.
Russia has also been accused of using TikTok and Twitter to spread its messaging and has, in turn, accused the West of spreading its own propaganda.
America cracks down on Russian cybercrime - America has limited options in its mission to deter Russia’s war. So far, economic pressure has been the biggest cudgel the West can wield. Sanctions and corporate blacklisting have been a big part of this. But so has a parallel effort to weaken Russia’s more illicit revenue streams. The Justice Department recently announced a few operations aimed at hobbling Russian criminal activities, including cybercriminals.
Earlier this week, German officials announced the takedown of Hydra, the single biggest dark web marketplace on the internet, whose lingua franca was Russian. Not long afterwards, US authorities also revealed that they had disrupted a botnet created by the Russian hacking group “Sandworm,” which Western governments attribute to Russia’s GRU military intelligence. According to officials, Sandworm built the botnet by infecting thousands of network devices all over the world with its malware, “Cyclops Blink.” The malicious network could have been used in cyberattacks and criminal activity had it not been taken down, authorities said. The operation did not clean every infected device, however; owners of affected firewall and router appliances were still advised to follow their vendor’s remediation guidance.
Ukraine’s volunteer army of hackers - Everyday citizens in Ukraine are using their own hacking abilities to defend their country against Russia. The nation has assembled a “volunteer IT army,” drawn from ordinary Ukrainian tech workers, which it claims numbers in the “hundreds of thousands.” This army refers to itself as a kind of “hacktivist” militia, defending the country from Putin’s legions from behind their keyboards. The group has a Telegram channel with thousands of followers and a strong Twitter presence, where it regularly agitates against the invaders.
The role of hacktivists - So far, hacktivists have played a big role in the Ukrainian crisis. Non-state actors, allegedly incensed by Russia’s war, have unleashed a wave of hacktivist attacks on the country — targeting a broad array of Russian businesses and government agencies. Whether these anonymous groups are truly non-state actors is anybody’s guess. There is a decent amount of evidence to suggest that much of what passes for hacktivism these days is actually just state-sponsored hacking in disguise.
That said, we do know that hackers calling themselves hacktivists have been hacking Russia quite a lot. Most visibly, the well-known collective Anonymous declared war on Putin’s government over the Ukraine invasion and has leaked gigabytes of data. The group has claimed a number of victories, including alleged hacks on the nation’s central bank, on a variety of companies and corporate databases, and on several media organizations and websites.
Russian companies hit by leaks - A number of powerful Russian companies and agencies have become the victims of hack-and-leak operations as a result of the country’s invasion. Hackers allegedly affiliated with Anonymous have claimed responsibility for many of these incidents. Some of the targets include:
- Transneft, a major Russian energy company (and the biggest oil pipeline company in the world), was recently struck by hackers, who stole 79 gigabytes of emails, which they then proceeded to leak.
- Roskomnadzor, one of Russia’s media regulation agencies (read: censorship office) recently suffered a data breach in which hackers claimed to have compromised and leaked some 360,000 internal files.
- Thozis Corporation, a Russian investment firm, suffered a leak of some 5,000 emails.
Much of the leaked material has been curated by the journalist organization Distributed Denial of Secrets (DDoSecrets), which specializes in the disclosure and distribution of materials obtained from hacks. The group abbreviates its name as DDoSecrets, not to be confused with distributed denial-of-service (DDoS) attacks. You can read about them at the DDoSecrets website.
Fears of Russian cyberattacks - US officials have very publicly worried that Putin’s government might retaliate against America over its support for Ukraine. One of the easiest ways Russia could do this without openly starting WWIII is via a sneaky cyberattack, potentially on US infrastructure.
This threat seems to be keeping a lot of people up at night. During a press appearance two weeks ago, President Joe Biden said: “Based on evolving intelligence, Russia may be planning a cyberattack against us.” Biden also warned U.S. companies to steel themselves for such attacks. The FBI has similarly warned that Russian groups may try to attack America’s energy grid. Meanwhile, editorials from The Atlantic to The Boston Globe have sounded the alarm that America might be on the precipice of getting zapped.
Russia certainly has the capabilities. The government has both the political motivation and connections to big, dangerous hacker groups. Threat analysts say Russia has a proven track record of doing serious damage digitally; just look at Sandworm’s attacks on Ukraine’s electrical grid in 2015 and again in 2016. However, as of right now, none of those fears has materialized into a confirmed attack on US infrastructure. For the moment, we seem to be OK.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or firstname.lastname@example.org
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings