The cyber battlefield is a wide and ever-evolving technical terrain. On it, every participant wants to gain power and struggles for dominance. Participants can be nation-states, terrorist organizations or hacktivists. Cyber warfare has become a critical element of modern conflicts. It has the potential to disrupt economies, steal sensitive information, and threaten critical infrastructure. In this column, we will discuss the ongoing cyber conflicts and the tactics used in them. We will also look at the preventive measures for countering cyber attacks in these conflicts.
Today is the 833rd day of the Russia-Ukraine war, and the war is still ongoing. It is the burning conflict these days for the whole world. Both Russia and Ukraine are actively participating in cyber operations. A few days back, Russia used drone attacks on the windows of Ukraine’s cyber defense operation centre. Both Russia and Ukraine are struggling to steal intelligence and to attack telecommunications, critical infrastructure and military computers. Reports say that data on 10% of Ukrainian computers was erased. Ukrainian officials say that the war is being fought in the shadows. Last June, petrol stations and internet providers in Russia were shut down.
Russia used Distributed Denial of Service (DDoS) attacks and malware deployment against different Ukrainian sectors, such as finance and energy. Russia used eight malware families against Ukraine for destructive purposes: WhisperKill, FoxBlade, SonicVote, CaddyWiper, DesertBlade, Industroyer2, Lasainraw and FiberLake. After this, Russia launched four variants of new malware, and this group of four variants was named Armageddon. It was reported that Armageddon has links with Russia’s Federal Security Service (FSB). The Security Service of Ukraine (SBU) reported that SpaceX’s Starlink satellite internet terminals in Ukraine were jammed for some time. These Starlink terminals were providing internet to the Ukrainian government. Recently, a Ukrainian internet provider, “Ukrtelecom”, was also disrupted for some time. A hacker group, “Sandworm”, working under Russian military intelligence (GRU), tried to deploy the Industroyer2 malware in Ukraine, but the Computer Emergency Response Team of Ukraine (CERT-UA) was able to protect its network from it. Russia also targeted the allies of Ukraine. Ukrainian authorities claim that Russia’s Federal Security Service (FSB) targeted EU governments with spear phishing attacks.
In response, several non-state actors targeted Russia to support Ukraine and its allies. RuTube, a Russian video platform, was hacked for two days. YourAnonSpider, a hacker affiliated with the hacktivist collective Anonymous, claimed responsibility for this hack. Major Russian television networks suddenly went offline for some time. Responsibility for this was also taken by an Anonymous-affiliated group, NB65. Russian unmanned aerial vehicle (UAV) plans were also hacked by Anonymous. Russian businesses and institutions, including Russia’s primary intelligence services, were also hacked by Anonymous and Network Battalion 65 together with the collective Distributed Denial of Secrets.
There are many cyber threat actors that support Russia. GHOSTWRITER/UNC1151 is a hacker group associated with the governments of Russia and Belarus. Its duties are to deal with disinformation, credential harvesting, hack-and-leak operations, false flag operations and espionage. Some cybercrime groups have declared their support for Russia against Ukraine and its allies. The Conti ransomware group is one of them; its duty is to retaliate against anyone who tries to attack the computer networks of Russia. Before working for Russia, Conti was an influential ransomware group that used to affect Canada. Beregini and XaKNet Team are also hacker groups working for Russia against Ukraine and its allies. Killnet is another pro-Russia hacking group, and it has conducted DDoS attacks against websites of different states that are helping Ukraine. It recently targeted Italy’s critical infrastructure, such as its Defense Ministry, Senate and National Health Institutes. CoomingProject is also a ransomware group supporting Russia against Ukraine.
There are different hacker groups in support of Ukraine too. Anonymous is a big name supporting Ukraine against Russia. It has launched different cyber attacks against Russia. It has affected the Russian government and the Russian film industry by leaking data, wiping files, running DDoS operations and hacking Russian television networks. Belarusian Cyber Partisans is also a pro-Ukraine hacker group working against Russia. Ukrainian officials claim that more than 400,000 people from the information technology field have volunteered to support Ukraine. They are known as the IT Army, which protects Ukrainian networks.
Both Russia and Ukraine should implement robust security measures such as firewalls, encryption, strong passwords and multi-factor authentication to protect their cyber terrains. Security tools based on artificial intelligence and machine learning can help counter each other’s cyber attacks. Both should implement a zero trust security model to stay secure from cyber threats. Updating software daily can reduce the risk of cyber attacks for Russia and Ukraine. Lastly, cyber education and awareness are essential for combating cyber attacks on the cyber battlefield.