Russia’s campaign against Ukraine, which has been ongoing for over two years, has seen an increase in the use of hacktivists, cybercriminals, and mercenaries by Russia. Western countries neighboring Russia, including Finland, have also experienced a surge in hostile attacks, posing a threat to businesses and government institutions. The cyberattacks by Russia on Ukraine predate the full-scale invasion of Ukraine in 2022 and have continued throughout the conflict.
According to the Computer Emergency Response Team of Ukraine (CERT-UA), there were 701 cyber incidents handled between January and April of 2023, with utilities being the main targets. Government agencies, the military, and various critical infrastructure sectors, including the power grid, finance, transport, and telecoms, have also been targeted. This marks an increase compared to the 2,194 attacks logged in 2022.
The aims of the Russian cyber attackers include reconnaissance, destroying infrastructure, spreading panic and distrust in local authorities, and attacking the morale of the population through disinformation and propaganda. These cyberattacks often coincide with physical strikes, amplifying the psychological effect of the kinetic attacks.
Ukraine has received international support, both from its Western allies and from a group called the “IT Army of Ukraine,” which consists of Ukrainian and foreign volunteers. This group has disrupted Russian entities through DDoS attacks, doxing Russian military members and officials, conducting defacement attacks, data breaches, and psychological warfare. They have also raised awareness of the conflict among Russian citizens whose access to real-time information has been censored by the Russian state.
Russia, on the other hand, has established a hacktivist community called Killnet, which has conducted disruptive attacks against institutions in Ukraine and NATO countries. The attacks mainly involve DDoS attacks, which cause temporary disruptions but do not have a lasting impact.
It is believed that the Russian government has some level of involvement in influencing hacktivist and cybercriminal operations, although the extent of their involvement is unclear. Pro-Russian hacktivist groups often claim to carry out attacks on Russia’s enemies but may actually be fronts for various Russian government agencies.
The tactics and targets of Russian cyberattacks are constantly shifting. The Russian military intelligence (GRU) is primarily involved in destructive attacks against Ukraine, while the Russian FSB security agency targets intelligence operations worldwide. Russian cyber operations have taken a dramatic change, with quick, destructive attacks targeting edge devices like firewalls and routers. Financially motivated groups are also sometimes encouraged to attack Ukrainian targets with reassurance from the Russian government that they will not be prosecuted.
Despite crackdowns on some cybercriminal groups, Russian hacktivists continue to play a nuisance role inside Ukraine and globally. Finland has seen a spike in attacks since joining NATO, with Russian jets carrying out incursions into Finnish airspace. There is believed to be a relationship between Russian hacktivists and the Russian government.
In conclusion, Russia’s use of hacktivists, cybercriminals, and mercenaries in its campaign against Ukraine has increased. Western countries neighboring Russia have also experienced an upsurge in hostile attacks. Ukraine has received international support in defending against cyberattacks, while Russia has established its own hacktivist community. The tactics and targets of Russian cyberattacks are constantly changing, posing ongoing threats to critical infrastructure and cybersecurity.