The UKRAINE-RUSSIA CYBER WAR explained

Fahri Korkmaz
Nov 2, 2022

Introduction

On Thursday, February 24, 2022, Europe shakes. The whole world — horrified. A new phase begins. The world in which we live, as we perceive it, changes. Because a new war begins. In the middle of Europe.

Russian tanks are rolling into Ukraine. Helicopters transport Russian soldiers. Loud jets can be heard flying by over Kiev. Hell on earth begins for the more than 40 million inhabitants of Ukraine.

No one wanted to believe it. No one wanted to imagine it. Everyone hoped otherwise. But the Kremlin had planned it long before.

This war did not even start on 24th February. No, this war had already started a month before, in January. And the soldiers did not hold Kalashnikovs in their hands. No, the soldiers were typing on keyboards.

This story is about the cyber war between Russia and Ukraine.

The Beginning

A month and a half before the war begins in the real world, Russia is already waging a cyber war against Ukraine. On January 14, 2022, Russian hackers cripple over 70 Ukrainian government websites.

A day later, February 15th, more government websites and banks are crippled. The hackers replace text on the websites with the message “Be afraid and expect the worst.” The hacker attacks were likely carried out by the GRU, Russia’s military intelligence agency.

8 days later, on February 23, more DDoS attacks follow. A destructive malware is also used: a wiper. This malware is used against Ukrainian government organizations and banks. After the malware reaches its target, it destroys all documents, files and directories. The organizations lose access to their data…

On February 24, what everyone was afraid of happens. Russia invades Ukraine. At the same time as the invasion, the satellite network operator Viasat is hacked. A faulty update for the Central and Eastern European region is uploaded. The Ukrainian military loses its access to the network. Two hacker groups are behind this hack: Sandworm and Fancy Bear. Both groups are attributed to Russian foreign intelligence.

Anonymous has seen enough. They declare war on Russia. Just one day later, Anonymous succeeds in hacking the online presences of Russian media outlets. The Kremlin’s propaganda arm, Russia Today, is also among the victims. Anonymous places its own message on the media channels. They warn the Russian people: “Putin is lying to them and putting them in danger”.

A few days later, Ukrainians have something to celebrate. The military gets help from a tech millionaire. Elon Musk is deploying Starlink in Ukraine. With it, the Ukrainian military can now carry out precision drone strikes. A game changer!

On February 26, 2022, Ukraine has had enough. It creates its own hacker army. What makes it special: The hacker army consists of volunteers. Anyone who wants to help Ukraine can do so. All you must do is join Ukraine’s Telegram channel. There, for the first time, Ukraine publishes a long list of Russian government websites. They invite hackers to hack these sites.

On February 28, Google also participates in the war. Google, together with Ukrainian authorities, decides to disable real-time traffic data within Ukraine on Google Maps. Thus, Russia can no longer use Google Maps to locate possible positions of Ukrainian forces.

On the same day, a Russian ransomware group also steps in. The hacker group Conti declares its support for Russia’s war. They threaten all foreign forces: if anyone interferes in the war, Conti will compromise the critical infrastructure of that country.

However, this backfires. A Ukrainian affiliate who hacked for Conti doesn’t like it at all. He publishes the source code of the ransomware and internal chats on Twitter. He writes “Glory to Ukraine”.

March

The cyber war has been active for almost two months now. In March, thousands of Russian residents receive an SMS. The message says that their media is being censored. That the Kremlin is lying. And that you get the truth via Telegram. And that people should overthrow dictator Putin.

On March 7, cyber-attacks on Russia continue. Anonymous hacks state television and many other Russian streaming providers. They show videos from the war and the message, “Ordinary people in Russia are against the war.”

3 days later, Anonymous announces another success. They were able to steal over 360,000 files, 800 GB of data, from the Russian censorship agency Roskomnadzor. These documents show how Russia censors the war.

In mid-March, Anonymous recorded another successful hack. They hacked oil companies Rosneft and Transneft and were able to exfiltrate data. They also hacked Russian government agencies, online stores, and printers to send another message to the Russian people.

April

Already in the first week of April, April 3, Anonymous publishes personal information of 120,000 Russian soldiers stationed in Ukraine. They post the link to the data on Twitter.

On April 6, 2022, another corner of the world becomes a potential victim of this cyber war. The U.S. government just barely managed to discover a malware designed to attack critical infrastructure. At the same time, Anonymous hacks the Kremlin’s surveillance systems and posts video footage on Twitter.

A day later, Russia expands its cyber offensive. The Russian hacker group Fancy Bear begins targeting Europe and the United States. Microsoft was able to fend off the hacker attacks just in time.

More attacks on critical infrastructure follow on April 8. Russian hackers attempted a cyberattack on a power substation. However, this was fortunately averted.

Conclusion

Unfortunately, the war between Russia and Ukraine is not over yet. Businesses, government agencies, NGOs and critical infrastructure are still exposed to the dangers of cyber war.

With every day, with every sanction against Russia, the danger grows that we too will fall victim to Russian hackers. Not for nothing does the Federal Office for the Protection of the Constitution advise caution. The BSI also warns against Russian hackers. For example, on March 15, the BSI issued a warning against the use of the Russian antivirus program Kaspersky. It said it was unclear to what extent Kaspersky could be used by Russian hackers to spy on and compromise companies and individuals. Kaspersky sued against this warning — to no avail.

The last example shows that not only Ukrainians suffer, but also Russian companies and the Russian population. Nowadays, hacking is an integral part of modern warfare. Under these circumstances, businesses and civilians in particular suffer, as they are now exposed to more dangerous cyber threats.

Cyber space is dangerous. Take care of yourself.
