Geopolitics Non-Military Security Technology and Innovations

Hacked satellites, attacks on Wagner’s websites or shutdown of emergency services. What does cyberwar in Ukraine look like?

Lucia Kobzová

For almost a year and a half now, the ongoing conflict in Ukraine has been accompanied by numerous cyber operations by which both sides have sought to support their military efforts and the success of attacks on the ground. Although cyberwarfare is taking place on a much smaller scale than expected at the beginning of the conflict, recent months have been marked by increasing activity in cyberspace.  Hackers have succeeded in shutting down satellites used by the Russian military, new cybercriminal groups are emerging, existing ones are rapidly expanding, and Russian bombings are often supported by hacking activities against Ukrainian emergency and humanitarian services. What have the last few weeks of conflict in Ukraine brought in cyberspace?

A shutdown of Russian satellites

One of the more significant hacking activities was the shutdown of satellite systems used by the Russian military and federal agencies. These were satellites of a well-known telecommunications service provider – the Russian operator Dozor-Teleport. The systems were down for approximately 14 hours, and communications had to be rerouted via the terrestrial network. However, the attacker has not been identified so far. Several groups have claimed responsibility for the attack. Among them was Yevgeny Prigozhin’s Russian private army, known as the Wagners. In fact, the hacking operation took place just days after Prigozhin’s invasion of Russia. Some analysts say the confession may have been false, with an interest in further dividing Russian society. Playing against this argument is the fact that the attack is largely similar to a Russian intelligence (GRU) operation from the beginning of the war against Ukraine. It involves the use of the same techniques as the attack on the Viasat operator used by the Ukrainian army. Thus, the Wagners may have observed the GRU’s techniques while working with them and subsequently used them against Moscow.

Cyber attacks against Ukrainian rescuers

Ukrainian emergency and humanitarian services have become targets of large-scale cyber operations, particularly during Russian bombing campaigns. This issue was highlighted in a report by Cloudflare, a provider of DDoS protection services known for its Galileo project. Galileo helps organizations worldwide defend against malicious code infections and vulnerabilities in web applications, aiming to ensure web services remain accessible by preventing overwhelming requests. Several Ukrainian entities responsible for crisis management, including emergency services and humanitarian aid providers of essential resources like water, food, and medicine, utilize Cloudflare’s services. The Cloudflare analysis revealed that these organizations experienced a heightened frequency of cyber attacks, especially during Russian bombardments. These attacks orchestrated by Moscow are intended to enhance the success of Russian military efforts and hinder Ukraine’s ability to mount an effective response. The Cloudflare report emphasizes the interconnectedness between activities in the physical realm and cyberspace. Although the cyber attacks may not be primarily destructive or severely disrupt Ukrainian organizations’ functioning, they play a crucial role in critical situations by causing delays in the attacked party’s ability to respond appropriately. Disabling important services, for instance, can hamper coordination and communication between security forces and the military, rendering them unable to operate in a cohesive manner.

The number of pro-Russian hackers has increased by a staggering 2400%

Another interesting finding is the analysis of the activities of the well-known pro-Russian cybercriminal group NoName057(16). They are particularly notorious for a project called DDoSia, which has seen a 2,400% increase in membership in the last year of conflict. In total, this leaves the group with approximately 10,000 hackers at its disposal. As the project’s name suggests, their DDoS attacks have been directed mainly against the West. The project operates through the Telegram platform, where hackers can join malicious activities. After following simple steps, the user receives instructions and tools to carry out a DDoS attack. Hackers are then paid for their activities. It depends on their skill and the extent of the damage done. However, Prigozhin’s paramilitary group also faced attacks by NoName057(16). It happened on 24 June, when the Wagner group decided to advance in the direction of Moscow. It is once again possible to trace the interconnectedness of the activities in the physical and cyber realms.

New pro-Russian groups

Microsoft has also managed to identify a new hacking group working with the Russian GRU called Cadet Blizzard. The group is believed to be behind the large-scale attack, also known as WhisperGate, which occurred in January 2022, about a month before the invasion. The targets were government agencies, non-profit organizations, and emergency services. However, this is just one of many cybercrime groups directly tied to the Kremlin. Although these armies of hackers are meant to help Russia win the war, the success of their operations remains questionable. The ongoing war in Ukraine is expected to witness a significant escalation in cyber operations aimed at enhancing the military situation for both sides involved. However, it is unlikely that we will witness cyber attacks of a fundamentally destructive nature. This is primarily due to Ukraine’s notable improvement in cybersecurity capabilities, which have received substantial support from Western allies in the cyberspace domain. A noteworthy example of this support is the cyber lab in Kyiv, a project funded by the European Union. The primary objective of this initiative is to provide training to the Ukrainian armed forces in the field of cyber defense. As a result, Ukraine has been rapidly gaining momentum in bolstering its cyber defensive capabilities, while Moscow’s cyber offensive capabilities have remained relatively stagnant. Considering this asymmetry, it is improbable that the Kremlin will be able to launch cyber attacks in the future that would result in significant negative consequences for Kyiv. The increased cybersecurity measures implemented by Ukraine, coupled with the support from Western partners, have positioned the country in a favorable stance to counter cyber threats effectively.

Photo credit:

This brief is supported by

NATO’s Public Diplomacy Division

The Latest