The war unleashed by Russia against Ukraine is also being waged online

Wars are no longer fought only on the battlefield. The Russian military offensive launched on February 24 against Ukraine is preceded by a “cyber war” that has been active for months, even years, with attacks on companies, banks, electrical infrastructure or government websites.

Although establishing 100 percent authorship in cyberspace is a difficult task, some countries, experts and cybersecurity companies see the “footprint” of hacking groups originating from Russia in many of these attacks.

But when did they start? Have they continued once the invasion of Ukraine began? When was cyber war first talked about?

Cyber threats are among the instruments of so-called hybrid wars. “All wars are already hybrid, with multiple battlefields”, such as disinformation or attacks on the Internet, cybersecurity expert José Rosell, managing partner of the Spanish company S2 Grupo, tells Efe.

Cyber warfare is the use of cyberspace to launch attacks that cause damage or make it impossible for the adversary to access services of all kinds, explains Josep Albors, director of research and awareness at ESET Spain.

However, as in many other areas, it is necessary to differentiate between a large-scale cyber war and the “cyber skirmishes” that constantly take place, and bear in mind that attributions are never as clear as they are with conventional attacks.

2007, the first time there was talk of cyberwar

Although it is difficult to put a date, the experts consulted agree that the first time cyber warfare was discussed was in 2007, as a result of the attacks suffered by Estonia.

The Estonian government then moved a statue commemorating the country’s liberation from the Nazis by the Soviet Union to a less prominent location, angering Estonia’s Russian-speaking population and destabilizing relations with Moscow, said Chester Wisniewski of the cybersecurity company Sophos.

Soon after, there were riots in the streets, protests outside the Estonian embassy in Moscow, and a wave of Distributed Denial of Service (DDoS) attacks that undermined Estonian government websites and financial services (malware or computer bots were used to bring the pages down).

Almost immediately, Wisniewski recounts in an article, tools and instructions on how to participate in DDoS attacks appeared on Russian forums; seven days later these ceased at midnight.

Although everyone immediately implicated Russia, DDoS attribution, by design, is almost impossible. These are now widely believed to have been the work of the Russian Business Network, a well-known organized crime group in Russia, according to Wisniewski.

Ukraine: cyber attacks that have not stopped since 2014

“Subsequent cyberattacks against Georgia in 2008, at the time when Russia was invading the separatist province of South Ossetia, and against Kyrgyzstan in 2009, take us,” adds Wisniewski, “to the invasion of Crimea in 2014.” Since then, the cyberattacks suffered by Ukraine have not stopped, experts agree.

“We have had episodes for years”; there have been “very serious” attacks that knocked down even part of the electrical system, says Rosell.

In December 2015, half of the more than 230,000 inhabitants of the Ukrainian city of Ivano-Frankivsk lost electricity and a year later the lights went out in Kiev – this time the malware responsible was called Industroyer/CrashOverride.

Rosell agrees with Wisniewski that the attacks intensified in 2017 with NotPetya, a computer virus (an evolution of WannaCry) that was originally launched in Ukraine and spread in a matter of hours, mainly affecting Ukrainian companies, but also countries such as Poland, the United Kingdom or France.

The weeks before the invasion

“Against Ukraine they have been sending emails with a specific Trojan to military personnel and officials for weeks to directly delete documents,” says Jordi Serra, professor of Computer Science, Multimedia and Telecommunications Studies at the Universitat Oberta de Catalunya.

On January 13 and 14, 2022, numerous government websites were defaced; the perpetrators left many “false flags” behind in this attack, trying to implicate, for example, Ukrainian dissidents.

On February 15, a series of DDoS attacks were launched against Ukrainian government and military websites, as well as against three of the largest banks. The United States accused Russia of these actions.

On the 23rd, another wave of cyberattacks was unleashed, which until now have not been attributed to anyone. However, referring to this and the one on the 15th, the head of the cybersecurity department of the Security Council of Ukraine, Ilya Vityuk, said: “We clearly see the footprint of foreign intelligence services.”

On the 24th, numerous Russian government websites, including those of the Kremlin and the Ministry of Defense, crashed, and two days later Anonymous came into play, declaring “cyber war” on Russia and its president, Vladimir Putin. Since then, they have claimed responsibility for various attacks, including one on Russian media on the 28th.

A few hours after Anonymous’s announcement, the ransomware group Conti posted a message on the darknet declaring its full support for the Russian government, a statement it later toned down by suggesting it would only “return the blow” in response to US cyber aggression, according to Sophos.

In the last hours the attacks have continued, but for Wisniewski the good news is that the Russians have not used cyber attacks to destroy or interrupt basic services in Ukraine; however, “we must not rest on our laurels”.

Concerns that cyber warfare will have consequences in other countries have increased. The need for companies and other entities to be prepared to deal with these incidents has become visible.

For Albors, from ESET, most countries are perfectly aware of cyber warfare, “another thing is that sufficient resources are allocated, especially in the defensive part.”

“We have to wake up to a reality that is upon us, it is absolutely necessary to be aware of what can be done with cyber weapons. Let’s think about what would happen in our country if they knocked down the electricity grid and the ATMs didn’t work”, emphasizes Rosell, from S2 Grupo, for whom investment, both public and private, in cybersecurity must be increased, also in Spain.

Source: Gestion
