Russian Hackers Are Escalating and Diversifying Their Attacks on Ukraine, Research Says

As the Russian invasion of Ukraine reaches its sixth month, Russian hackers are escalating and diversifying their attacks on the country and its citizenry, sending mass texts to Ukrainian civilians threatening their lives if they don’t retreat from their homes, attempting to breach the country’s banks, and even crippling some of their basic utilities.

In a presentation at DEF CON 30, Kenneth Geers, a security specialist at Very Good Security and fellow at NATO Cyber Centre, outlined how Russia has forecast these actions for years, including via ongoing attacks on power grids and communication systems in Ukrainian towns.

Russian attacks on the Ukrainian power grid are nothing new, but they’ve been growing more frequent as the country tries to flex its digital muscle. The Kremlin’s first attack was carried out in 2015, taking down part of the national grid for six hours. Russian hackers staged another similar attack a year later. Doing so not only punished Ukraine, but also demonstrated Russia’s ability to carry out a cyberattack against another nation. This foreshadowed the 2022 invasion, in which cyberattacks increased around the country ahead of major Russian military operations. Major attacks are now an ongoing feature of the war as it drags on, with more than 300 documented cyberattacks in and around Ukraine since the start of the conflict in February.

“Troops no longer move without significant hacker support,” Geers told Gizmodo in an interview about his presentation. Specifically, he said, Microsoft noted on February 17 that Russian hackers had been active in the border town of Sumy, targeting critical infrastructure networks in advance of troop movements. These attacks, according to Geers, stretched into March and caused regional power outages, explosions at an electricity substation, and explosions at a combined heat and power plant in Sumy, resulting in a loss of heat, water, and electricity for citizens.

If power outages and loss of heat were not enough, Russian hackers have also sent Ukrainian troops threatening text messages telling soldiers “they’ll find your bodies when the snow melts.” Other messages warned citizens to evacuate their homes, letting them know they will live if they leave, or that “nobody needs your kids to become orphans.”

A series of Russian DDoS attacks, a method in which hackers flood network servers to take websites offline, has targeted banks, government websites, and ATMs. In the case of ATMs, the hackers managed to temporarily take the machines offline, denying Ukrainians access to their money and fomenting panic as citizens looked to flee.

With Russia’s cyber warfare capabilities on full display, it raises the question: if Russia can carry out attacks like this in Ukraine, can it do so to other nations?

The answer is likely not, according to Geers, at least right now. “Today, Russia has its hands full,” he said. “If the NATO/EU alliance remains firm, I doubt that Russia has the bandwidth to attack other nations, because the risks currently outweigh the benefits.”

But that hasn’t stopped other nations from worrying about it. Since the start of the war, President Biden has warned that the US could also fall victim to Russian cyber-attacks as the result of sanctions against the Kremlin and financial and military support of Ukraine. These threats have not yet materialised, but that doesn’t mean they aren’t looming.

Following the 2015 Russian cyber-attack on the Ukrainian power grid, Russian malware was discovered in as many as 10 US utilities, including one nuclear power plant. Is the US prepared for the day when one of these attacks hits?

“As a nation, the US is prepared,” Geers believes. “But for individual businesses, the potential damage is immense, at least temporarily.”

While the US government may believe it’s prepared for such an attack, that preparedness did not stop the 2021 Colonial Pipeline hack that disrupted fuel supplies to part of the country. The hack, which used a password believed to be acquired from the dark web and an outdated security system which was not protected by two-factor authentication, shows that even in the last year, a simple phishing scam or outdated security system leaves the entire country vulnerable to attacks. While this action only targeted the southeast region of the country, a more coordinated attack could bring the country to its knees.

An attack on the US grid could cause outages in various parts of the country, and well-targeted attacks could leave millions scrambling with a loss of water, heat, or access to the internet.

While the US government might be preparing for such an attack, carrying out drills and training its own experts to quickly get grids back online, the case study of Russia’s attacks in Ukraine shows that, while the government might be prepared for what to do when it happens, US citizens are not. That will undoubtedly need to change if nation-state attacks continue to escalate in cyber warfare.

“In Ukraine,” Geers said, “we have seen attacks in every domain: military, political, diplomatic, business, critical infrastructure, social media, etc. So, if nations want to prepare for cyber warfare, they need to educate the entire population.”

While many experts agree that there is little to nothing your average citizen can do to prevent such attacks, you can be prepared for them. That means backing up your bank statements, important emails, and other files to external hard drives, off of cloud networks, so you can access them even if the internet is taken offline. It also means better educating the general public about email phishing scams, which millions fall victim to every year, and keeping your anti-virus and other computer software up to date.