Russia could ramp up cyberattacks against Ukraine in an effort to destabilize its government and economy, security experts warn, an online assault that potentially might spread to other countries, including the US.
In recent weeks, the Russian government is believed to have initiated a handful of cyberattacks against Ukraine. Last month, hacker groups linked to Russia’s intelligence services were blamed for a cyberattack that defaced dozens of Ukrainian government sites with a message warning the country to “be afraid and expect the worst.”
Days later, Microsoft said it had identified dozens of computer networks at Ukrainian government agencies and organizations infected with destructive malware disguised as ransomware.
Cybersecurity experts say the attacks could be a precursor to more serious cyberassaults on Ukraine, which Russia is determined to prevent from joining the NATO security alliance. Russia has amassed about 100,000 troops on Ukraine’s border, raising concerns Moscow may be preparing for an invasion of its neighbor. Russia annexed a portion of Ukraine in 2014.
The Russian troop buildup has prompted a flurry of diplomatic activity aimed at defusing tension. So far, those efforts haven’t been successful. US intelligence officials said Thursday they have evidence that Russia is planning to create a video that will depict a fake attack on its troops that could be used as a pretext to invade Ukraine. On Monday, President Joe Biden urged Americans in Ukraine to leave rather than risk getting caught in a potential invasion.
If Russia does invade, it will undoubtedly employ more cyberattacks as part of its military strategy, researchers say.
Adam Meyers, senior vice president of intelligence at CrowdStrike, says the current round of cyberattacks on Ukraine could indicate Russia is refining its cyber capabilities. Russia’s game plan with online attacks, he says, is to create chaos and inflame tensions between the two countries.
“From what we’ve seen in Ukraine historically, it’s almost been a laboratory of experimentation for Russia,” Meyers said.
He pointed to the NotPetya attack, which crippled computers across Ukraine in 2017. The malware locked up files like criminal ransomware would. When experts took a closer look, however, they realized that its true purpose was to destroy data rather than make money.
NotPetya did what it was intended to do — wreak havoc in Ukraine. It also spread to unintended targets far outside of that country, shutting down companies including FedEx, Merck, Cadbury and AP Moller-Maersk.
The most recent malware attacks against Ukrainian targets, dubbed WhisperGate, also appear to be bent on destruction rather than making money, Meyers said.
Of course, cyberattacks will only be part of a broader campaign if Russia chooses to invade Ukraine, with malware and online disinformation being among the many weapons the country could use.
Quentin Hodgson, a senior international and defense researcher at the Rand Corporation focusing on cybersecurity, said Russia’s cyberoperations are unique because they aren’t clearly separated from conventional military and intelligence operations as they are in other countries, including the US.
Still, Russia will likely lean on old-school military muscle to grab the attention of the Ukrainian people, he says
“At the end of the day, they’re still massing troops on the border,” Hodgson said. “That’s sending a signal that cyber can’t.”
According to a memo recently obtained by CNN, the Department of Homeland Security warned operators of US critical infrastructure, along with state and local governments, that Russia could launch a cyberattack on US targets if it feels its long-term security is threatened by a NATO or US response to what’s going on in Ukraine.
CrowdStrike’s Meyers said he thinks it’s unlikely Russia would intentionally provoke the US with a state-sponsored attack against an American target. But US companies with a presence in Ukraine, such as hotel chains, along with international aid groups and think tanks, might have something to worry about.
Russia also could just look the other way, as it has for many years, when the cybercrime gangs known to run rampant within its borders go after US targets.
While Russian government arrests of known ransomware gang members and other cybercriminals have grabbed headlines recently, President Vladimir Putin hasn’t historically been much help in bringing cybercriminals that target the West to justice, says James Turgal, former executive assistant director for the FBI’s information and technology branch.
Turgal, who now serves as vice president of cyber risk, strategy and board relations for Optiv Security, says last year’s ransomware attacks against Colonial Pipeline and meat processor JBS USA should serve as wakeup calls to all companies, especially those that can be considered critical infrastructure. Both those attacks were attributed to cybercriminals in Russia.
The NotPetya attack was a perfect example of how cyberattacks can affect countries far away from the conflict, he said.
“Whether it’s intentional or not, whether you’re a particular target or just collateral damage,” Turgal said, “the threat is real.”