The Cybersecurity Risks of the Ukraine Conflict
In case you haven’t heard, Ukraine is in trouble: a spat between Russian and NATO-allied forces involving the country has spurred a territorial dispute with major implications for everybody involved.
People are saying this could mean war. The political crisis has spurred a Russian troop build-up of 100,000 soldiers at the Ukrainian border—leading to the interpretation by multiple U.S. officials that Putin’s government may have imminent plans to invade the neighboring country. America, meanwhile, has threatened to deepen its involvement if the situation deteriorates.
Amidst all this turmoil, one might be tempted to see cyber operations as something of an afterthought but, actually, digital incursions are turning out to be a critical part of the political conflict. In fact, such activities could prove to be a flashpoint that tips the action in one direction or another—for better or worse. We’ll give you a short run-down on what’s happening in that space, why the cyber situation has the potential to get ugly, and what that could mean for the stability of the situation overall.
What the hell is even happening in Ukraine right now?
First, what’s actually happening? Despite ongoing news coverage of this whole fiasco, many Americans might find themselves wondering why any of this is actually occurring in the first place.
The short answer is: NATO. Russia has demanded assurances that Ukraine will not be admitted to the U.S.-aligned, Europe-spanning defense club, but American and Ukrainian officials have so far been able to make no such promises.
Actually, Ukraine’s potential membership in the North Atlantic Treaty Organization (NATO) has been a contentious issue for decades, stretching all the way back to the end of the Cold War: We don’t really need to get into it, but at one point during the Gorbachev years, George H.W. Bush’s secretary of state James Baker promised not to expand NATO along Russia’s borders…and then America proceeded to spend the next 30 years doing exactly that. This failed promise is something that Russia’s leaders—particularly Putin—have never forgotten.
The problem is that NATO is widely viewed as a tool of U.S. military power (it was created and is staffed by American defense officials, after all), which makes its growing membership of nations near Russia’s border seem—to the Russians—like “encirclement,” if not outright encroachment. Ukraine, which is a former Soviet territory, is a direct neighbor to Russia and would likely put NATO military bases right in its backyard. Historically speaking, Ukraine is also the vector by which Russia has repeatedly suffered foreign invasion—meaning that, geo-strategically, it’s not a great place for them to allow their biggest foe (America) to just sorta hang out. Add to that the fact that Pentagon top brass have talked openly about war with Russia and you have yourself a pretty sticky situation indeed.
Starting around 2014, ongoing turmoil in Ukraine—much of which has centered around conflict between pro-Russian and NATO-allied forces—has caused ongoing political upheaval in the country, including the war in Donbas and Russia’s annexation of Crimea. Amidst renewed tensions, Russia has now demanded assurances from NATO that Ukraine and Georgia, another neighboring nation, will not be given membership. But recent negotiations between Russian officials and American and Ukrainian authorities have not been going particularly well. Recently, Russia also asked the U.S. to get NATO out of its neighboring nations of Bulgaria and Romania, to which America obviously said: Uh, yeah, we’re not going to do that.
As diplomatic negotiations have faltered, military mobilization in the region has escalated. The flood of Russian soldiers to the border has been met with a parallel stream of American arms and cash to the distressed country. The White House recently approved the transfer of U.S. anti-armor and anti-tank weapons and ammunitions from a number of NATO-friendly Baltic states—some $200 million in “lethal” aid—and President Biden has also claimed that the U.S. will send its own additional troops to eastern Europe should Russia choose to invade the country.
How hackers have targeted Ukraine
As this whole crisis has unfolded, a big part of the action so far has been cyber operations: a slow trickle of suspicious hacking activity has troubled Ukraine—leading many to believe that Russia is gearing up for something far worse.
The first sign of trouble occurred about a week ago, on Jan. 14, when droves of Ukrainian government agencies had their websites hacked and defaced. The attacks affected nearly 80 different sites and spread a fear-mongering message, written in multiple languages: “Be afraid and expect the worst.” It was an ominous sign, though defacement is a fairly amateurish attack—and some commentators have interpreted the hack as a basic intimidation tactic.
Only about a day after the defacement, however, things escalated. On Jan. 15, it was reported that a data-wiping malware had targeted the internal systems of “dozens” of Ukrainian government agencies, non-profits, and IT companies. The attack was first spotted by Microsoft’s security team, MSTIC, which published a report about it last week. According to researchers, the malware was designed to look like ransomware but was, in fact, a special kind of software “intended to be destructive and designed to render targeted devices inoperable.” It allegedly caused significant damage to numerous government agencies.
Ukrainian officials have said that the two attacks appear to have been “coordinated” to occur at roughly the same time.
Russia has denied responsibility for both of these incidents and no real evidence has been presented that would concretely link the country to the malicious activities.
However, Western authorities seem fairly confident that Russia is the culprit. Not only have American officials cast a suspicious eye on Putin’s government, but Sergei Demedyuk, deputy secretary of Ukraine’s National Security and Defense Council, recently said in an interview that he believes the defacement attack was the work of UNC1151—a hacker group with ties to intelligence in Belarus, which is a noted Russian ally.
Similarly, Ukraine’s Ministry of Digital Development has said that “all evidence” points to Russia being behind the recent malware attack on its government systems. “Moscow continues to wage a hybrid war and is actively building forces in the information and cyberspace,” the agency said in a recent press release.
The attacks—plus the allegations that Russia is behind them—have decidedly amplified tensions in the region, adding to hostilities and inspiring fears about what’s going to happen next.
Another front in the unfolding crisis involves information operations. As social media-fueled propaganda and media manipulation have become ever more powerful tools, they have also become critical weapons to governments during political flashpoints like the one occurring in Ukraine.
As such, American officials have warned of various Russian disinformation efforts, which they say represent attempts to spin the current conflict’s narrative in a pro-Russian direction.
Most dramatically, the U.S. Treasury Department recently sanctioned two members of Ukraine’s Parliament, Taras Kozak and Oleh Voloshyn, whom it has dubbed FSB “pawns” and accused of “amplifying” what the U.S. says are “false narratives” about the conflict currently unfolding. The politicians, along with two other former government officials, Volodymyr Oliynyk and Vladimir Sivkovich, have been dubbed part of a plot to “destabilize” the entire country.
“Russia has directed its intelligence services to recruit current and former Ukrainian government officials to prepare to take over the government of Ukraine and to control Ukraine’s critical infrastructure with an occupying Russian force,” warned the U.S. Treasury, further claiming that Kozak and Voloshyn were leading this effort.
Similarly, the U.S. State Department also recently put out a statement refuting the narratives promulgated by Russia on why the conflict is currently occurring.
“Russian military and intelligence entities are targeting Ukraine with disinformation attempting to paint Ukraine and Ukrainian government officials as the aggressor in the Russia-Ukraine relationship,” the State Department writes. “Russia blames others for its own aggression, but it is Moscow’s responsibility to end this crisis peacefully through de-escalation and diplomacy.”
As the conflict continues, it’s likely that arguments over the framing of this entire squabble will continue to shift, as different sides seek to promote their own agenda on who is the illegitimate aggressor. Certainly Russia—with a lot to lose—will be deeply involved in trying to persuade global audiences that it’s in the right.
The potential risks of a Russian cyber war
While the recent cyber incidents have caused an understandable amount of anxiety, some commentators have noted that these attacks are actually fairly mild next to what one might expect in this situation. Indeed, if Russia really wants to stir shit up, it has significantly more hacking firepower at its disposal.
John Hultquist, VP of threat intelligence with security firm Mandiant, wrote in a blog Thursday that the cyber situation in Ukraine could become substantially worse—and that he expects Russia to engage in a number of escalating attacks as the political crisis in the region deepens.
“Russia and its allies will conduct cyber espionage, information operations, and disruptive cyber attacks during this crisis,” Hultquist wrote. “Though cyber espionage is already a regular facet of global activity, as the situation deteriorates, we are likely to see more aggressive information operations and disruptive cyber attacks within and outside of Ukraine.”
Indeed, Russia has hit Ukraine harder in the past. Much harder. In 2015, Russian hackers allegedly disabled the country’s power grid—a bold, unprecedented operation that led to a blackout in Ukraine’s capital city of Kyiv. The hackers seized control of SCADA systems, mangled IT infrastructure, and used malware to remotely switch off electrical substations—leading to hours-long darkness for some 230,000 people. A 2016 blackout is also alleged to have been the result of a similar hack.
That terrifying show-of-force is thought to have been the work of Sandworm—Russia’s most destructive hacking unit, also known as “Unit 74455.” Allegedly staffed by Russian military intelligence hackers, the group is believed to also be responsible for the devastating NotPetya attack—a 2017 malware campaign that affected countries all over the world but most grievously damaged Ukraine. The attack, which is thought to have caused as much as $10 billion in damages globally, ravaged Ukraine’s financial system at the same time that it was battling militant separatists with connections to the Kremlin. Russia was blamed for the attack, though it has denied the charges.
The point is this: Russia has the capacity to royally screw with Ukraine and anyone else, if they so choose. Most concerning is the possibility that a sustained cyber engagement in the country could spill out into a broader conflict with other nations. Notably, President Joe Biden recently commented that the U.S. will respond with its own cyber operations if Ukraine continues to be targeted—a move that could pit our hackers against Russia’s. Given everything that’s at stake, let’s just hope everybody manages to keep a clear head and refrain from any sudden movements—and maybe this whole thing can stay within the prudent ballpark of diplomacy. That’d be best, anyway.
A previous version of this story stated that George H. W. Bush had made the promise not to extend NATO. It was his secretary of state, James Baker, who made the promise.