Ukraine hacks fuel concerns over cyber conflict with Russia


Hackers temporarily shut down dozens of Ukrainian government websites on Friday, causing no major damage but fueling simmering tensions while Russia massed troops on the Ukrainian border. Separately, in a rare gesture to the US at a time of cool relations, Russia said it had detained members of a major ransomware gang targeting US units.

The events, although seemingly unrelated, occurred during a hectic period of activity when the US publicly accused Moscow of preparing and creating a pretext for another invasion of Ukraine. They stressed that cybersecurity remains a key concern – that escalating hostility risks not only actual violence but also harmful digital attacks that could hit Ukraine or even the US.

The White House said Friday that President Joe Biden had been briefed on the disruptions targeting about 70 national and regional government agency websites, but did not specify who might be responsible.

But even without attribution of responsibility, suspicion has fallen on Russia, given its history of bombarding Ukraine with harmful cyberattacks. Ukraine’s security service SBU said preliminary results of an investigation pointed to the involvement of “hacker groups linked to the Russian intelligence services”. SBU said the perpetrators “hacked the infrastructure of a commercial company that had administrative access to the websites affected by the attack.”

The White House said it is still evaluating the impact of the defacements but has so far described it as “limited”. A senior administration official, meanwhile, said the White House welcomes news of the arrests of suspected members of a ransomware gang in Russia, an operation Moscow says was carried out at the request of US authorities.

The official, who briefed reporters on condition of anonymity, said one of those arrested was linked to the Colonial Pipeline hack, which last year caused days of gas shortages in parts of the United States. The White House understands the arrests have nothing to do with tensions between Russia and Ukraine, the official said.

Russia’s previous cyber-operations against Ukraine included hacking its voting system ahead of the 2014 national elections and its power grid in 2015 and 2016. In 2017, Russia unleashed one of the most damaging cyber-attacks ever, the NotPetya virus, targeting Ukrainian companies and causing damage worldwide amounting to more than 10 billion US dollars (around 74.387 billion rupees). Moscow has previously denied involvement in cyber attacks on Ukraine.

Ukrainian cybersecurity experts, backed by more than $40 million (roughly Rs. 296,625) in support from the US State Department, have since stepped up defenses of critical infrastructure. NATO Secretary General Jens Stoltenberg said on Friday the alliance would continue to provide “strong political and practical support” to Ukraine in the face of cyber attacks.

Experts say Russian President Vladimir Putin could use cyberattacks to destabilize Ukraine and other ex-Soviet countries that want to join NATO without having to send troops. Tensions between Ukraine and Russia are running high, with Moscow massing an estimated 100,000 troops near its sprawling border with Ukraine.

“If you’re trying to use it as a stage and a deterrent to prevent people from moving forward with NATO considerations or whatever, cyber is perfect,” Tim Conway, a cybersecurity instructor at the SANS Institute, told the AP last week.

The main question about the website defacements is whether they are the work of Russian freelancers or part of a larger state-sponsored operation, said Oleh Derevianko, a leading private sector expert and founder of cybersecurity firm ISSP.

A message posted by the hackers in Russian, Ukrainian and Polish claimed that the Ukrainians’ personal information had been leaked online and destroyed. It told Ukrainians to “be afraid and expect the worst”. In response, the Polish government noted that Russia had a long history of disinformation campaigns and that the Polish in the message was flawed and clearly not written by a native speaker.

Researchers at global risk think tank Eurasia Group said the defacements in Ukraine “do not necessarily indicate an impending escalation of hostilities by Russia” – they are at the bottom of the ladder of cyber options. They said Friday’s attack “was trolling and sending a message that Ukraine could see worse things coming.”

The defacements followed a year in which cybersecurity became a major concern due to a Russian government cyberespionage campaign targeting US government agencies and ransomware attacks launched by Russia-based criminal gangs.

On Friday, Russia’s Federal Security Service (FSB) announced the detention of members of the REvil ransomware gang. The group was behind last year’s 4th of July weekend supply chain attack that targeted software company Kaseya and crippled more than 1,000 businesses and public organizations worldwide.

The FSB claimed to have dismantled the gang, but REvil effectively disbanded in July. Cybersecurity experts say its members have mostly switched to other ransomware syndicates. They doubted on Friday whether the arrests would significantly affect ransomware gangs, whose activities have only moderately slowed after high-profile attacks on critical US infrastructure, including the Colonial Pipeline, last year.

The FSB said it ransacked the homes of 14 group members and seized over RUB 426 million (about Rs. 41.66 billion), including in cryptocurrency, as well as computers, crypto wallets and 20 elite cars that “were bought with criminally acquired money”. All those arrested are charged with “illegal circulation of funds,” a crime punishable by up to six years in prison. The suspects were not named.

According to the FSB, the operation was carried out at the request of the US authorities, who had identified the leader of the group. It is the first significant public action by Russian authorities since Biden warned Putin last summer that he must crack down on ransomware gangs.

Experts said it’s too early to know if the arrests signal a massive crackdown by the Kremlin on ransomware criminals — or if they were just a piecemeal attempt to placate the White House.

“One way or another, getting the conviction will send the strongest signal as to whether there really has been a shift in Russia’s tolerance of cybercriminals going forward,” Bill Siegel, CEO of ransomware response firm Coveware, said in an email.

Yelisey Boguslavskiy, research director at Advanced Intelligence, said those arrested were likely lower-level partners — not the people running the ransomware-as-a-service, which disbanded in July. REvil also appears to have ripped off some subsidiaries, leaving it with enemies underground, he said.

REvil’s attacks disabled tens of thousands of computers worldwide and resulted in at least $200 million in ransom payments.

Such attacks drew significant attention from law enforcement agencies around the world. Hours before the US announced its arrests, European law enforcement officials revealed the results of a month-long 17-nation operation that has arrested seven hackers linked to REvil and another ransomware family.

The AP reported last year that US officials have since shared a small number of names of suspected ransomware operators with Russian officials.

Brett Callow, a ransomware analyst at cybersecurity firm Emsisoft, said whatever Russia’s motivations, the arrests “are sure to send shockwaves through the cybercrime community. The gang’s former associates and business associates will invariably be concerned about the repercussions.”
