Ukraine Beats Russia in Cyberwarfare — at ‘Unprecedented Scale’
Russia is attacking Ukraine with cyberattacks and psyops. Microsoft PR is crowing about all the events Redmond has “observed.”
But wait: The scale is truly pathetic. In the early days of this (ahem) “special military operation,” experts were predicting digital carnage, as Sandworm and other Russian-state hackers destroyed Ukrainian critical infrastructure, command-and-control and mass media. But the reality is far less impressive.
Not only that, but Ukraine has been fighting back—hard. In today’s SB Blogwatch, we sift fact from fiction.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Russia’s great firewall.
Grip the Table Harder, Vlad
What’s the craic? Raphael Satter, Christopher Bing and James Pearson report—“Microsoft discloses onslaught of Russian cyberattacks on Ukraine”:
“Russian destructive cyberattacks inside Ukraine”
Russian government hackers [have] carried out multiple cyber operations against Ukraine that appeared to support Moscow’s military attacks and online propaganda campaigns. … The reported intrusions—some of which have not been previously disclosed—suggest that hacking has played a bigger role in the conflict than what has been publicly known.
…
Since the start of … Russia’s Feb. 24 invasion … Microsoft said it observed a total of 37 Russian destructive cyberattacks inside Ukraine [and that] Russia’s hacking and military operations worked in “tandem against a shared target set.” [But] academics and analysts have said Russia appeared to be less active in the cyber domain against Ukraine than expected.
Just 37? Is that all? Jacob Knutson outlines “Why it matters”:
“Directed toward critical infrastructure”
Microsoft, which is working with Ukrainian cybersecurity officials to defend against such cyberattacks, said Russia’s relentless operations have sought to degrade Ukraine’s government and military and undermine the public’s trust in those institutions. … Russia’s cyber operations have been at times directly timed with its land, air and sea attacks against Ukraine.
…
[16] attacks were directed toward critical infrastructure that could have “negative second-order effects” on the government, military, economy and people. … It also conducted a cyber-enabled influence operation to try to turn Ukrainian citizens against their government.
Only 16! What’s the other side of the story? Matt Burgess offers “Russia Is Being Hacked at an Unprecedented Scale”:
“More innovative and prolonged”
Like clockwork, every day … the Telegram channel housing Ukraine’s unprecedented “IT Army” of hackers buzzes with a new list of targets. … Russian online payment services, government departments, aviation companies, and food delivery firms have all been targeted by the IT Army as it aims to disrupt everyday life in Russia.
…
Hacktivists, Ukrainian forces, and outsiders from all around the world who are taking part in the IT Army have targeted Russia. … DDoS attacks make up the bulk of the action, but researchers have spotted ransomware that’s designed to target Russia and … a bug bounty program for people to find and report security flaws in Russian systems [revealed] leaked databases, login information, and more severe instances where code can be run remotely on Russian systems.
…
Incidents may happen without publicity or outsider knowledge. … Both Russia and Ukraine … try to disrupt each other, but the efforts against Russia have been more innovative and prolonged.
The fog of war is burning off. Proudrooster is surprised to hear that Russia is, at least, somewhat competent:
Wow Russia can do something right? … Hopefully this level of command and control never makes it down to the boots on the ground level.
No risk of that, according to Imbrium:
The only part of the Russian military that isn’t criminally incompetent or poorly maintained is their cyber unit. Of course, the daily ration of vodka and borscht is a lot cheaper than spare parts and maintenance for tanks, planes and ships.
But beware of false flag attacks, implies iron:
I’ve been saying for decades that if I were writing malware, my build server would be set to a foreign language and comments in the code would be in that language as well. I’d probably also find out which programming languages are popular in that region and learn a new one to write the malware.
And what of U.S. reaction? Jessica Lyons Hardcastle lists some alleged perps—“Feds offer big rewards for info on suspected Russian Sandworm intel officers”:
Uncle Sam will dole out up to $10 million for vital information on each of six Russian GRU officers linked to the Kremlin-backed Sandworm gang … (Unit 74455) … said to be Russian intelligence officers: Yuriy Sergeyevich Andrienko … Sergey Vladimirovich Detistov … Pavel Valeryevich Frolov … Anatoliy Sergeyevich Kovalev … Artem Valeryevich Ochichenko … and Petr Nikolayevich Pliskin. [They] have been charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft offenses. … The Sandworm crew were named by Microsoft as being part of a series of Russian-led attacks against Ukraine before, during, and after the invasion of the sovereign state.
…
Kovalev … developed spear-phishing techniques and messages that the Russian government used to target computer systems of critical infrastructure facilities … according to the State Department. … Ochichenko conducted technical reconnaissance and helped carry out these spear phishing campaigns against critical infrastructure owners and operators, it is claimed. … And the four other men … allegedly developed components of the NotPetya malware that Moscow used in 2017 to infect computer systems of hospitals and critical infrastructure facilities.
But why are we merely going after individuals? srt8driver has a better plan:
Now that we can show this has come from Russian military coordinated attacks, we put them on notice they must stop. For far too long, we have let these “cyber ops” pretend they are not military attacks. Since they clearly are, let’s start treating them as such. They have real costs, so they should have real consequences.
Meanwhile, cheekyboy turns the other:
100 years late is better than never to crush Russia. Tunguska comet should have hit Moscow tho’.
And Finally:
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.
Image sauce: Russian Presidential Press Office.