Russian Cyber-Invasion of Ukraine: the changing face of 21st-century warfare?
By Zhasmin Avetisyan and Anna Kenn
Beginning in the early hours of February 24th, Russia launched its assault with long-range strikes targeting military and other critical infrastructure throughout Ukraine, including near the capital of Kyiv and other major cities across the country such as the Black Sea port of Odessa, as well as the eastern industrial hubs of Kharkiv, Dnipro and Mariupol. Western Ukraine was not spared either, with shelling in the Lviv region and near Lutsk. Along with the deadly tanks, shells, and missiles targeting military infrastructure as well as the civilian population come disinformation and cyberattacks. Beyond targeting critical infrastructure and civilian objects, cyberattacks sow confusion and doubt and limit access to accurate information, which can be highly disruptive as it creates a sense of fear and uncertainty, with the prospect of needlessly displacing people.
A Timeline of Russian cyberattacks on Ukraine since 2014: never taking a break?
Inaugurating a new era of warfare, the Russian invasion of Ukraine was initiated far earlier than the arrival of Russian troops on Ukrainian territory this week might suggest. While Western intelligence services presume the current cyberattacks stem from malware injected into Ukrainian systems two to three months ago, the history of destructive cyberattacks in Ukraine stemming from Russian actors far precedes today’s conflict.
Since the annexation of the Crimean Peninsula in 2014, Ukraine has been under near-constant threat of Russian cyberattacks of a nature unprecedented worldwide. Russia initiated a three-pronged wave of cyberattacks during the 2014 Ukrainian presidential elections, striving to discredit and manipulate the vote. The attacks included infiltration of central election networks, malware to fake the outcome of the elections, and DDoS attacks blocking the election results and delaying the final tally. Those attacks were described as “among the most dangerous cyberattacks yet deployed to sabotage a national election.”
Another first-of-its-kind attack was on Ukraine’s power grid in 2015 and 2016. The former compromised the energy systems of three distribution companies in Western Ukraine, leading to a power outage for approximately 230 000 people, along with a telephone denial-of-service attack that prevented customers from reporting the outage. The latter resulted in a blackout for only about an hour, yet the attack was the second-ever known case of malicious code purpose-built to disrupt physical infrastructure after Stuxnet. Despite US aid to strengthen the resilience of Ukraine’s electric grid against further Russian cyberattacks, the Ukrainian power supply remains highly vulnerable to hacking that could inflict extended blackouts as part of a Russian military invasion.
Furthermore, the NotPetya wiper malware was unleashed on Ukraine’s government institutions and financial and energy sectors in 2017, targeting both private and public entities. It ended up disabling millions of computers all over the world, including Chernobyl’s radiation monitoring system and a US healthcare organisation, while also paralysing corporations and freezing government agencies. NotPetya was thus described as the most devastating cyberattack in history, with a single piece of code inflicting damage in the billions. In the following year, Russia repelled a cyberattack on the network equipment of the Auly Chlorine Distillation Station, supplying liquid chlorine to water and wastewater treatment facilities to disrupt Ukraine’s water supply and sewer systems.
The new wave of Russian attacks on Ukrainian critical infrastructure intensified at the beginning of this year, setting off with Microsoft’s identification of destructive malware targeting Ukrainian organisations and the hacking of Ukrainian government sites with a message saying, “Be afraid and expect the worst.” Shortly before Russia’s renewed military aggression, a series of DDoS attacks took several Ukrainian websites offline, including bank, government, and military websites; SMS spam messages alerted customers of Ukrainian state-owned banks to false technical malfunctions of ATMs; and over 100 organisations in the financial, defence, aviation, and IT service sectors were affected by the “Hermetic Wiper” malware attack, which aimed at deleting or corrupting data. Moreover, the Kyiv Post reported constant cyberattacks as Russian aggression unfolded. All those cyberattacks, aiming to create a sense of panic, spread false information, and limit the public’s access to timely and accurate information during an escalating conflict, reveal how a digital offensive alongside a conventional one can be carried out overwhelmingly faster, removing the barriers of time and space, and thus changing the nature of the damage inflicted upon the civilian population.
Extending the nature of warfare: adapting war to the 21st century
Prolonged cyberattacks against Ukraine thus far precede the current conflict, thereby constituting a prime example of Russia’s Gerasimov doctrine, which stipulates that “when it comes to the preparation for and conduct of war, ‘non-military means, which influence the course and outcome of wars, provide and create the conditions for the effective use of military force.’” The current war against Ukraine is thus a prime example of the very hybrid warfare strategy often cited as emblematic of new generation warfare, which views non-military means, such as disinformation campaigns and cyberattacks on critical infrastructure, including water, electricity, and telecommunication services, as integral to any conventional war efforts.
It is thus highly significant that the German foreign minister, Annalena Baerbock, offered Ukraine cyber support rather than conventional arms support. While this certainly also reflects the German government’s traditional hesitancy to deploy arms to conflict zones, the European Union similarly offered support by sending a cyber defence team, thereby accentuating the relevance of cyberwarfare to national security. Wars of the 21st century are thus no longer waged solely by physical means but also, increasingly, with cyber weapons. This advent of cyber weaponry significantly questions the monopoly of force, often cited as a paramount characteristic of any sovereign state, by granting hacktivists, such as Anonymous, the possibility to leak databases of the Russian Ministry of Defence, or even halt train operations in Belarus in protest against Russian aggression.
Yet the difficulty of attributing cyberattacks also lowers the threshold for attacks on critical infrastructure, such as energy and water supply facilities. Significantly, cybersecurity experts warn that it remains unclear whether countries can deter state-sponsored cyberattacks, and that they most likely can only focus on “limiting damage and reducing downtime.”
Amidst reports of “network and telecoms disruptions” during attacks on the city of Kharkiv in Ukraine’s East, Russian cyber and physical attacks appear to serve as mutually reinforcing tools. Besides creating confusion and distrust by taking down or manipulating official government websites, cyberattacks cause societal harm of an immeasurable extent, given the wide impact that Internet or energy outages during bombings of Ukrainian cities may have on the resistance of the Ukrainian population to Russian attempts to turn public opinion against Zelenskyy’s government. Furthermore, cyberattacks on transportation infrastructure, such as temporarily making the Ukrainian national railway company’s website non-functional, may create mass hysteria amongst those seeking to flee the country westwards by preventing them from purchasing train tickets.
Towards a future of global cyberwarfare?
While the effect of the malware employed this week has so far largely been limited to Ukrainian infrastructure, the deep embedment of Ukrainian host servers into the global economy’s IT networks, with “more than 100 of the world’s Fortune 500 companies rely[ing] at least partially on Ukrainian IT services,” is symbolic of the increased global exposure to malware attacks. This exposure extends the potential for disastrous consequences of cyberattacks far beyond territorial borders.
Furthermore, Western intelligence services predict that the asymmetrical response to the economic sanctions imposed on Russia in response to its aggression towards Ukraine will further increase cyberattacks on critical infrastructure in the countries imposing the sanctions. Therefore, the US and Germany have activated security protocols requiring national companies to heighten safeguards against cyberattacks.
Notably, President Biden allegedly has been presented with a myriad of cyber operations against Russia in response to its invasion of Ukrainian territory, ranging from shutting down the Internet to more targeted attacks, thus again highlighting the increasing significance of cyberattacks as offensive and defensive tools critical to national security.
Significantly though, no nation-state has yet declared “an all-out cyberwar,” and President Biden is said to have resisted a cyberattack on Russia out of concerns of escalating the conflict further. Yet, the Russian invasion of Ukraine certainly marked a new era of geopolitical insecurity in Europe, thus putting the assumed certainties of today at risk of being overcome by tomorrow. Besides inaugurating a new age of geopolitical turmoil, this war may also have inaugurated an era of the first all-out cyber warfare.
The views expressed in this article are the author’s own, and may not reflect the opinions of the Sciences Po Cybersecurity Association.