- Thierry Spanjaard
Cyberwar is on!
The world is in shock at the images of the war waged by the Russian government against Ukraine. The violence of the weapons used, the huge number of civilian victims, and the extent of the destruction fill us with compassion for the victims, on the Ukrainian side of course, but also for the Russian soldiers sent by their government to this terrible war.
Judging from public sources, the war in Ukraine appears to be conventional warfare, and many observers reckon that most of the actions involve tanks, bombs, aircraft, and massive destruction of civilian targets. Many analysts are surprised that massive cyberattacks, launched by either side, have not yet happened, or are not yet widely known.
At the same time, when one scratches the surface, numerous events show that the cyberwar is on and, as one may anticipate, its players and its limits are blurry. Unsurprisingly, Russian and Ukrainian government agencies are part of the cyberwar. According to UK-based The National News, the FSB (Федеральная служба безопасности Российской Федерации - Federal Security Service of the Russian Federation), the successor agency to the KGB, has hit national infrastructures including UK energy companies. This may be related to an announcement by the US Justice Department and British Foreign Office stating that Russian officials, including hackers with a government intelligence agency, have been charged with the malicious hacking of critical infrastructure around the globe, including the US energy and aviation sectors, between 2012 and 2018, according to Global News, a Canada-based information site. Attacking electrical grids could easily lead to global chaos, as described in the thriller "Blackout: Tomorrow Will Be Too Late," by Marc Elsberg.
Telecom infrastructures are among hackers' main targets. Ukrtelecom, the owner and operator of the landline telecom infrastructure, and also an internet service provider, was the victim of a cyberattack at the end of March, carried out using compromised user credentials from an employee in a territory recently occupied by Russia.
The war is also happening in space. US intelligence believes Russian military hackers from the GRU (Гла́вное управле́ние Генера́льного шта́ба Вооружённых сил Росси́йской Федера́ции - Main Directorate of the General Staff of the Armed Forces of the Russian Federation) instigated last month's massive outage across Central and Eastern Europe at satellite internet provider Viasat, according to the Washington Post. The attack, which was originally thought to be a classic DDoS (distributed denial of service) attack, is now believed to be due to a new malware called “AcidRain” that was designed to remotely erase vulnerable modems and routers.
As digital warfare escalates, the new step in this cyberwar is that most acts are actually perpetrated by independent hacker groups that have pledged allegiance to either the Ukrainian or the Russian side. For instance, Russia-affiliated groups such as Народная CyberАрмия (People's CyberArmy), Xenotime, Magnallium, Electrum or Allanite are targeting critical infrastructure and industrial systems in North America and Europe, according to Cyber Security Intelligence.
At the same time, hacker groups on the Ukrainian side are becoming more active. The government sent out a call to the hacker community to set up a cyber army. The "IT Army of Ukraine" is an offshoot of the Ukrainian Anonymous hacker group, which has been joined by contributors from around the world. Citalid, a France-based developer of a cyber-risk management platform, lists groups such as BlueHornet ATW, KelvinSecurity Hacking Team, GhostClan or HackenClub, among many others, as having performed cyberattacks on behalf of Ukraine. The attacks are extremely diverse and may include disclosure of emails from various Russian ministries, disclosure of the identity of Russian soldiers, compromise of Roskosmos data, blocking of ATMs, attacks on the Kremlin CCTV system, defacement of the websites of the Gazprom oil company or the Sukhoi airplane vendor, etc.
While we see images of terrible acts of war on the ground, many actions are less visible but can prove just as deadly. What we are witnessing now may be the first cyberwar of the 21st century.