Neither a thundering cyberattack, nor a flat calm, but a perfectly organized enterprise of constant harassment aimed at Ukraine: this is the reality of the digital side of the aggression of the country by Russia, three months after the start of the conflict.
At the start of the invasion, some experts expected a rampage of cyberattacks causing massive damage in Ukraine to accompany the first Russian tanks and missiles. This major cyberattack never came, prompting questions and debates among cyberspace observers, some believing that Russia had insufficiently prepared the “cyber” aspect of its invasion, or even purely and simply abandoned this field of the conflict.
Three months after the start of the offensive, however, we are beginning to see things more clearly thanks to the work of analysts and cybersecurity experts. Numerically, Ukraine has not been spared, far from it, and Russia has put all its forces into the battle, in a prepared manner and in concert with its military operation.
This is one of the lessons of a Microsoft report published at the end of April. The American company’s experts had access to a lot of data from computers located in Ukraine. According to them, six separate hacker groups belonging to the Russian intelligence and security services, using eight different software, carried out “nearly forty” attacks aimed at destroying data and rendering computer networks unusable, either “two to three a week” since the days before the invasion. These attacks targeted Ukrainian state services and the country’s critical infrastructure.
This wave of attacks was prepared for a long time: Microsoft says it found signs of it as early as March 2021. According to the company, the first movements of Russian troops to the Ukrainian border are then accompanied by digital espionage operations targeting the Ukrainian army. In mid-2021, Russian hackers are continuing their operations, looking for information on the army, diplomacy or humanitarian actors present in the country. They also penetrate organizations likely to act as a gateway to target Ukraine and its NATO allies: this is the case, for example, of a Ukrainian army subcontractor, which has been hacked. At the end of the year, the Russian pirates place their counters in preparation for the attacks with destructive aims launched from the invasion.
Attacks consistent with Russian objectives
While the impact of these cyberattacks has probably been low on the battlefield, these digital offensives are, however, perfectly in line with Russian strategic objectives, which consist in “disrupt or degrade Ukrainian government and military functions and [à] undermine public confidence in these very institutions”explains Microsoft again.
Russia has thus been held responsible for the attack which targeted modems connected to the Viasat satellite network. This operation, of an unprecedented nature, caused a major disruption of the military communications of the Ukrainian army while the Russian army began its invasion attempt. Another example of this synergy between digital and military operations, the launch, the 1er march, of destructive software against a “large broadcasting company”, according to Microsoft, which does not name the latter. On the same day, Russian strikes targeted the Kyiv TV tower, disrupting the broadcast of some channels.
The Ukrainian authorities remain very discreet about the damage caused by the attacks. In recent weeks, they have even multiplied statements suggesting that the worst was over and that their defenses were able to curb attacks, the number of which would have stabilized. “We are the first country in the world to have survived cyberwar and won it” the head of the Ukrainian cybersecurity agency Yuriy Schyhol welcomed journalists on May 4. “There was not a single significant victory for the Russians” in cyberspace, boasted Mikhaïlo Fedorov, the Ukrainian digital minister, in mid-May. Somewhat in reverse of these statements, Microsoft pointed out in its report that the various Russian cyberattacks had indeed “disrupted the functioning of the organizations targeted”.
Ukraine’s good resistance to these attacks can be explained, in part, by the foreign aid received by the country. Several specialized Western companies regularly assist Ukraine on the digital front: Microsoft claims to have established a “secure line of communication” with the authorities from the start of the conflict to assist them in their defense mission. America’s Cyber Command also carried out a reconnaissance mission to Ukraine in December. Moreover, even if kyiv has never officially recognized it, the country undoubtedly receives a lot of information from Western authorities, particularly the United States, concerning computer threats. Finally, in the same way as Ukrainian fighters have been hardened by eight years of armed conflict in the Donbass, cyber defenders can count on a long experience of Russian digital offensives, which did not begin with the war.