A screenshot from Today’s reports [1] decentralized attacks on the Russian internet.
Since 2008, Russia has been lauded as a cyber superpower [2]. In the past, Russian cyber attacks have taken out electric grids [3], hacked elections [4], bankrupted corporations [5], and disabled military infrastructure [6]. Nations across the world have been bracing for increased levels of cyberattacks, fearing that Russia will retaliate [7] against sanctions by infiltrating global networks. There are no borders on the internet and even a localized attack can easily spill over to the rest of the world. [8]Since February 24, effective cyber-attacks from Moscow are notably absent [9].
The litany of failures might embolden Russia to carry out more high-stakes and daring digital attacks on urban infrastructure, supply chains, and military equipment across the world. It is also possible that Russia has not utilized its full cyber capabilities. Alternatively, the Ukrainian government might be fully prepared [10] to resist most Russian attacks. Either way, it is time to seriously assess the Russian cyber bogeyman.
Russia’s history of cyberwarfare
The Russian military first used cyber support in its August 2008 invasion of Georgia. The digital attacks started weeks before the physical presence [11]. On July 20, the website of then President Mikheil Saakashviili was targeted in a Distributed Denial of Service (DDoS) attack, which overwhelms a website with internet traffic until it is stops functioning. All the fabricated traffic to the website included the phrase “win+love+in+Russia.” The president’s website was unreachable for more than 24 hours.
At the start of the war with Georgia, digital attacks focused on information shaping and denial. President Saakashvili was not able to connect to a CNN interview after disruption [11] to the Georgian Voice over Internet Protocol (VoIP) system. On August 9, DDoS attacks forced the shutdown [11] of the National Bank of Georgia. Websites of the President and the Ministry of Foreign Affairs were defaced with side-by-side pictures of Mikheil Saakashvili and Adolf Hitler. The domestic traffic to Georgia’s government websites was also rerouted [11] to pro-Russian news sources reporting on the war.
An image [12] posted on Georgia's Ministry of Foreign Affairs website after Russian hacks. [We need a source for the image, which should also specify the copyright rules under which we use it, and if it is a creative commons licence, a link to the licence.]
Most of Russia’s cyberattacks since 2014 have targeted Ukraine’s critical infrastructure. In 2015 and 2016, Russian hackers infiltrated [16]Ukrainian power grids Prykarpattyaoblenergo and Chernivtsioblenergo. Both times, the power supply was remotely turned off, leaving residents of Ivano-Frankivsk (in Western Ukraine) and Kyiv without power for more than 5 hours. In 2016, the State Treasury, the Ministry of Finance, and the pension fund were shut down [17] for 2 days.
Due to the interconnected nature of the internet, even local cyberattacks can quickly become global. The June 27, 2017, Petya Virus [18] designed for Ukrainian banks, electrical companies, news outlets, and government websites became the “most devastating cyberattack in history.” In a matter of days, the virus moved from radiation monitoring systems in Chernobyl to the global shipping company Maersk, and hundreds more. The attack was estimated to have cost [18] USD 10 billion globally.
Russia’s digital invasion of Ukraine
The early days of the invasion in 2022 suggest that Russia is using the same playbook it used in Georgia. Cyber attacks focused on government websites, media, and critical financial infrastructure. But, since February 24, most of the digital attacks have been thwarted [19]. Ukraine is employing vigilante cyber groups to both defend its own systems and attack Russia’s.
Similar to Russia’s war in Georgia, Russia preempted its invasion of Ukraine with an orchestrated cyber-effort. On January 14, 2022 a Russian attack [20] took down more than 70 Ukrainian government websites. The sites were defaced with pictures in Ukrainian, Russian, and Polish stating “be afraid and wait for the worst… this is for your past, present, and future… and for the historical lands.” All the sites were restored within a few hours.
An image [21] posted on the front page of Ukraine's government websites after Russian hacks. [We need copyright information]
One day before the invasion, Russia deployed two malware operations, once more targeting the Ukrainian government. The malware code of Isaac Wiper [24] and Hermetic Wiper [24] suggests that the attacks were planned months in advance [24]. The code was spotted in targeted computers since at least December 28, 2021 [25]. The malware was intended to wipe data off the hard drive and quickly spread across systems.
Cyberwarfare is mostly intended to hijack the flow of information and disrupt vital services. Since the beginning of the war, Ukraine has not suffered from any major disruptions [26]. Ukrainian internet continues to work, President Vladimir Zelensky continues to dominate the narrative of the war [27] through smartphone dispatches, and the world has mostly banned [28] Russian state-backed news channels.
Most importantly, unlike the war in Georgia and Crimea, Russia’s information onslaught is not working in Ukraine [29]. Ukrainians are more united than ever in rejecting Russian disinformation. Ukraine’s major media companies have come together [30] on one platform to broadcast one cohesive narrative. Official telegram channels are mostly successful in blocking Russian bots [31] and communicating official government reporting.
If anything, Russia has become the biggest victim of cyberwarfare, not Ukraine. Russian media companies TASS, Kommersant, Izvestia, Fontanka, Forbes, RBK. and more than 300 government websites were temporarily disabled [32] on February 28, displaying anti-Putin messages. Russian TV channels were hijacked [33] to play Ukrainian songs. Documents from Belarusian weapons manufacturers and Russian Sberbank were leaked [34].
The truth about the war in Ukraine is being disseminated across Russia in every way possible. Disabled Russian websites displayed the message [35] “Dear citizens. We urge you to stop this madness, do not send your sons and husbands to certain death. Putin is forcing us to lie and is putting us in danger.” On March 7, State TV channels across Russia were hacked [36] to show footage of the war in Ukraine.
The Ukrainian government has been loudly requesting global assistance in cyberspace. The Ukrainian Minister of Digital Transformation Mykhailo Fedorov called on hackers across the world [37] to join the digital fight against Russia. On February 24, hacker forums across the world began recruiting volunteers [38] with the message “Ukrainian cybercommunity! It's time to get involved in the cyber defense of our country.”
The digital war in Ukraine has turned into a global free-for-all [39]. The independent and state-backed attacks in both Russia and Ukraine will likely create more confusion on the ground. Both organizing and attributing attacks is becoming impossible [39]. While it remains unclear if Russia’s government intends or is able to carry out more devastating cyberattacks, the whole world is watching [40] Ukrainian internet networks.
Experts from Israel, the United States, and Singapore have all warned that the cyber attacks are just beginning [40], and that it will inevitably morph into a global problem. James Sullivan of UK's defense and security think tank RUSI notes [41], “We still have to be very mindful that Russia, with the right strategic objective and the right amount of resources, would no doubt focus on Western infrastructure if that was going to give it an advantage.”
For more information about this topic, see our special coverage Russia invades Ukraine [42].