War in Ukraine: Russia victim of an unprecedented wave of cyberattacks


Since its decision to attack Ukraine, Russia has been subjected to unprecedented waves of cyberattacks in addition to economic sanctions.

Since the beginning of the Russian invasion, a real digital army has been put in place to defend Ukraine and try to disrupt Russia as much as possible. Daily, the “IT Army” posts a list of targets on a Telegram group for people wishing to participate in the conflict without taking up arms.

Most attacks remain “simple”: DDoS attacks against many websites such as online payment services, government services, food delivery companies… in short, everything that can disrupt the daily life of Russians. A DDoS (denial-of-service) attack consists of saturating servers with requests to make them inoperative. However, among these DDoS attacks, other attacks using malware or ransomware have also been spotted by specialists.

An unusual situation for Russia

When we think of hacking and cyberattacks, it is easier to imagine a group of hackers affiliated with Russia attacking other countries than the other way around. And yet, since the start of the conflict, Ukraine has also used massive DDoS attacks to disrupt its adversary.

In this war of attrition, Ukraine is showing itself to be particularly innovative by setting up, through the IT Army, tools for automating attacks in order to cause as much disruption as possible, as simply as possible.

A website has also been set up to track the status of the targets and to share technical guides for novices. Please note, we would like to remind you that launching a cyberattack (even a DDoS) is not a game and is not without risk.

In the end, many sites are regularly out of service and Russians have apparently become accustomed to seeing their television programs regularly disrupted as well.

A disturbing action, but insufficient

According to a Kaspersky analyst, DDoS attacks are starting to decrease to a “normal” level; however, Ukraine’s attacks are lasting longer. Instead of minutes, some services remain unavailable for hours. The longest attack reportedly disabled a site for 177 hours (over a week).

While it’s a good way for Ukrainian sympathizers to support the country without having to take up arms, DDoS is at most a mere annoyance according to the CEO of Hacken (Ukraine) and “doesn’t have much effects in relation to the final objective, and the final objective is to stop the war”.

A good point, however, is the observed decrease in Russian cyberattacks against Ukraine’s infrastructure, such as the one that may have recently targeted the country’s electricity system. This decrease is due to two factors.

The first is that Russia is now obliged to “improvise”, as it no longer has attacks prepared long in advance (which has the effect of reducing the “quality” of the attacks). The second is that the country must also focus on its own defense against external attacks.

A rather discreet cyberwar

Since the beginning of the conflict, the impact of electronic warfare seems rather limited. Apart from a few high-profile attempts, everything seems to be happening in the shadows. In addition to helping launch DDoS attacks, Budorin has set up a bounty system rewarding the discovery of bugs and security vulnerabilities on the Russian side.

According to him, more than 3,000 reports have been drawn up. These cover database leaks, login credentials or, worse, vulnerabilities allowing remote code execution on Russian systems. This kind of flaw reportedly allowed activists to recover hundreds of gigabytes of data and millions of email addresses.

Intelligence is a key element in a war and it is difficult to perceive the impact of these cyberattacks on the ongoing conflict. Nevertheless, such a mass of recovered data could have repercussions not only on the conflict directly, but also on the years to come.

For several years, Russia has been developing its own national “internet”, isolated from other networks. After carrying out tests, Moscow seems to have set up a copy of the government sites on this network. Although completely isolating the country from the internet would be an extreme measure at this stage, the increase in attacks seems to be pushing the Russian government to prepare for this move.


