War has broken out in Europe, with Russia launching a full-scale invasion of Ukraine. However, long before the Kremlin ordered troops across the border, another war was already raging in cyberspace. Are the recent cyber attacks against Ukraine part of a cyber warfare campaign?
This situation is still developing, but as of writing Russia has invaded Ukraine, instigating the largest ground war in Europe since 1945.
Tensions have been rising ever since Russia annexed Crimea (an area of southern Ukraine) in 2014. While Russia initially claimed that the build-up of troops on Ukraine’s border was a purely defensive measure, the Ukrainian government and many Western leaders feared that an invasion could be imminent. On February 24, 2022, those fears were proven justified.
However, in the months leading up to the invasion, an online conflict was already ongoing. More than 70 official Ukrainian websites, run by or affiliated with the government, were targeted by hackers, and that number has only risen since the war began.
The cyber attacks before the war involved the defacing of government websites; visitors to these pages were greeted by a message telling them to “prepare for the worst”.
Soon afterwards, another set of attacks added even more ominous messages to other sites. They threatened to expose the data of Ukrainian citizens, and were posted in Russian, Ukrainian, and incoherent Polish.
Of course, Russia has denied any direct involvement with these incidents, but that hasn’t stopped Ukraine, Poland, and NATO from accusing it of encouraging or even instigating the attacks.
Simply put, we don’t know for sure. By their nature, attacks like these are very hard to trace back. However, there are a number of reasons to suspect that the Russian government may have been involved.
For one thing, there is precedent. In 2008, Russia invaded Georgia and used cyber attacks to take Georgian government websites offline. Then, during the 2014 annexation of Crimea, they employed similar tactics to disrupt online communication networks.
There’s also the timing; these attacks began to intensify while Russia was still maintaining a negotiating stance with NATO, and adding additional pressure to Ukraine could have been part of their bargaining strategy.
It’s possible, however, that the Russian government did not directly oversee or initiate the attacks. There are several patriotic hacking collectives in Russia which could have acted independently to try and assist the regime.
Ukraine has previously been able to foil many similar attacks. According to their security services, they “neutralized” at least 1,200 cyber incidents in the last year. So how did these recent attacks get through?
This is another area where we don’t know for certain what happened, but can make an educated guess.
The hackers probably used phishing emails — the simplest and often most effective way to launch these kinds of attacks. By pretending to be a trusted sender, they could have contacted employees within Ukraine’s government and tricked them into exposing login details for communication networks and administrative accounts.
Once the hackers had these details, they could launch more targeted spear phishing attacks, working their way through government networks until they could access and deface the targeted web pages.
While Russia is likely to be coordinating these attacks, it seems they might not be working alone. Belarus, a neighboring country with a government closely tied to the Kremlin, has been accused of launching at least some of the many phishing attacks that Ukraine has faced.
Google’s Threat Analysis Group, which has been helping to identify some of the malware and cyberattack strategies used against the Ukrainian government, says that a Belarusian hacking group has been active recently. According to experts at Google, a hacking team known as Ghostwriter has been launching phishing attacks against numerous targets in Ukraine.
Many of these emails contained links to hacker-owned web domains, seemingly designed to expose the login credentials of targets. While it’s hard to say how successful the initiative has been, Google says that the pages involved have been taken down.
The leader of Belarus is one of the closest allies of the Russian government, and the country has acted as a base of operations for thousands of Russian troops. It’s extremely unlikely that these phishing attacks were not carried out with Russian support.
Digital tools are also being weaponized in the information war between the two countries. Both Ukraine and Russia are using social media and other online channels to communicate with their own citizens, and the rest of the world.
While Ukraine has been widely hailed as the victor in this particular arena — with Ukrainian President Volodymyr Zelensky encouraging his people and winning support abroad through his online presence — Russia has gone down a different route: that of misinformation.
For Russia, the primary goal in this area is to maintain public support at home, and discourage Ukrainian resistance. To that apparent end, a completely fabricated deepfake video was circulated on Facebook in recent days, purporting to show President Zelensky calling for Ukrainian troops to surrender.
In response, Meta (the company that owns Facebook) took the video down, and President Zelensky used the Telegram app to reassure his followers that the deepfake had not been genuine. It’s yet another example of the role technology can play in shaping the course of war, even when it’s not deployed on a battlefield.
The attacks and misinformation are clearly intended to cause fear and unrest; they’re an intimidation tactic, more than anything else. However, they raise the specter of a much greater threat: cyber warfare.
Incidents like the recent cyber attacks in Ukraine remind us how dangerous online warfare can be. The battlefields of the future may be digital, but they’ll be no less deadly: killware, malware that may cause serious physical harm or even death, is already on the rise.