A recent presentation by a senior Ukrainian government cyber security official gave some valuable insight into the military dimension of Russia’s cyber war against Ukraine.
The Russian government, armed forces, criminal and paramilitary groups have performed cyberattacks against Ukraine’s Critical National Infrastructure (CNI) and military since Moscow’s first invasion in 2014. Most of the cyber war coverage has focused on the CNI attacks. The Ukrainian government has been targeted in cyberspace along with the country’s financial institutions and industry.
In February, Google’s Threat Analysis Group (TAG) published figures relating to the cyber conflict. TAG’s Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape divided Russian cyberattacks into three types: Those focused on espionage, information operations and destruction. Russian cyberattacks have three strategic goals: Undermine the Ukrainian government, fracture Ukraine’s international support and maintain Russian domestic support for the war.
Between 2021 and 2022 of the 150 government entities attacked by Russian cyber warriors, 13.8 percent were related in some way to the Ukrainian military, the TAG report continued. One of Russia’s largest cyberwar actors is her GRU military intelligence unit.
Military targets have included foreign materiel manufacturers, Ukrainian defence companies, foreign militaries of governments supporting Ukraine and the North Atlantic Treaty Organisation. These attacks focused on the operational/strategic dimensions of the war. Specifically, the attacks aimed to disrupt military supplies to Ukraine and to steal information which may be militarily useful to Russia. Armada has documented Russian tactical cyber operations against the Ukrainian military in the past.
Tactical and Operational
In late April Victor Zhora, one of Ukraine’s senior cyber officials, shed light on the tactical cyber dimension during a presentation to the Royal United Services Institute (RUSI). RUSI is a London-based think-tank. He said that cyberattacks are often performed in coordination with Russia’s kinetic attacks and manoeuvre. Primarily, these attacks are intended to enhance the efficacy of both.
A well-documented cyberattack Russia was performed against the Viasat satellite communications system on 24th February; the first day of Russia’s second invasion of Ukraine. As reports said, the attack spread beyond Ukraine into some European users of Viasat’s KA-SAT network. Fortunately, the attack was rapidly remedied with a software fix for Viasat ground infrastructure affected by the attack. Mr. Zhora said the attack intended to disrupt communications between the government and Ukraine’s armed forces. Fortunately, the KA-SAT network was predominantly being used by the Ukrainian government as a back-up trunk link for the military. This helped blunt the effect of the attack.
Mr. Zhora said that the espionage dimension of Russia’s cyberattacks against Ukraine have focused on trying to steal intelligence which could be useful to Russia on the battlefield. Cyberattacks are intended to help the Russian military gain tactical and operational advantages. Cyber espionage efforts have extended to the attempted theft of information on military assistance provided to Ukraine by her allies.
Russian cyber operations continue to focus on the military side of the conflict, alongside attacks against Ukrainian civilian targets, CNI and targets in allied nations. Cyberattack is supporting Russia’s war at strategic, operational and tactical levels. Despite this, the disruption caused by Russia’s cyber war writ large is lower than expected, said Mr. Zhora. He attributes this to the acumen of Ukraine’s cyber experts and to assistance the country has received from abroad. Mr. Zhora concluded with a positive note, “we will definitely prevail,” he told delegates.
by Dr. Thomas Withington
