EXECUTIVE SUMMARY:

Russia’s invasion of Ukraine marked the unexpected escalation of an eight-year conflict that began with Russia’s annexation of Crimea in 2014. This illegal annexation represented the first time that a European state had seized a foreign territory since World War II.

Ukraine was once a cornerstone of the Soviet Union, representing the second-most populous and powerful of the fifteen Soviet republics. It was arguably central to Russia’s identity and vision for itself and for the world.

Across three decades of independence, Ukraine has tried to forge its own path as a sovereign state while aligning itself with Western institutions, including the EU and NATO.

The 2022 full-scale invasion of Ukraine sent shockwaves through the global community and left millions of people scrambling for ways to escape eruptions of violence.

Although there is much to be said about the conflict on a variety of fronts, the aspect of the war that we’ll focus on here and now pertains to the forces used during the conflict, specifically, cyber warfare tactics.

Cyber environment: Wiper malware

In general, wiper malware have rarely been seen in the wild. However, experts observed that the sporadic use-cases that appeared prior to the Russo-Ukrainian war occurred within conflict zones. In relation to the Russo-Ukrainian war, nine wiper malware were deployed within the span of a single year.

On the eve of the ground invasion last February, three wiper malware were deployed: HermeticWiper, HermeticWizard and HermeticRansom. Shortly thereafter, another cyber attack was directed at the Ukrainian power grid…Many of the wipers were developed by various Russian intelligence services and employed divergent wiping and evasion mechanisms.

As wiper malware began to see more of the light of day during 2022, Check Point researchers noticed it spreading around the world. Iranian affiliated groups attacked targets in Albania using wiper malware and then a mysterious Azov ransomware, which is in fact a destructive data wiper, surfaced across computers in several nations.

Cyber environment: Further damage

A series of other cyber attacks have been deployed against Ukraine, with the intention of disrupting civilian life and lowering morale.

And starting in September, cyber security researchers began to observe that highly sophisticated attacks were no longer wreaking havoc on Ukraine alone. Rather, cyber attackers had turned their attention to several EU-based countries that displayed hostility towards Russia.

Cyber environment: Ukraine’s response

Ukraine’s response to cyber hostilities has improved since the start of the war. The Head of the UK’s Intelligence and Cyber Security Agency called the improvements, “the most effective defensive cyber activity in history.”

The country now manages the “IT Army of Ukraine,” an army of volunteer IT specialists who now conduct military-like operations. Anti-Russian hacktivism has affected Russian infrastructure, financial institutions and of course, government entities.

Once considered off-limits among cyber criminal circuits, attacks on Russian businesses have increased. At present, it can be tough to tell what is official “IT Army” hactivism, vs. hackers in basements who are operating independently.

Looking ahead

The Russo-Ukrainian war is not the first major conflict involving cyber warfare, but the scale of the cyber warfare operations are unparalleled.

Get more insights here. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.