Emma Woollacott Contributor Updated on: 12 August 2022
Even before its invasion of Ukraine, Russia had been attacking the West. How effective are its techniques?
The world watched aghast when, on February 24 this year, Russian tanks rolled into Ukraine and rockets started to rain down.
However, in many ways this wasn’t the real start of the conflict. Even before the invasion, Russia was making good use of cyberwarfare techniques, in a rather less visible campaign.
In January, the Microsoft Threat Intelligence Center found malware known as WhisperGate, designed to render targeted devices inoperable, circulating in Ukraine. Similar to the notorious NotPetya malware – unleashed by Russia in 2017 – WhisperGate led to the defacement of at least 70 government websites, with a further 10 subject to “unauthorized interference.”
Meanwhile, just days after the invasion, SentinelLabs revealed the existence of HermeticWiper, which was infiltrating Windows devices and rendering them inoperable, while a series of distributed denial of service (DDoS) attacks took Ukrainian banking and government websites offline.
The Russian strategy
In a recent report, Microsoft characterises Russia’s strategy as depending on three distinct and sometimes coordinated efforts – destructive cyberattacks within Ukraine, network penetration and espionage outside the country, and more generally cyber-based influence operations targeting people around the world.
“The recent and ongoing destructive attacks have been sophisticated and more widespread than many reports recognize,” says Brad Smith, Microsoft’s president and vice chair.
“And the Russian army is continuing to adapt these destructive attacks to changing war needs, including by coupling cyberattacks with the use of conventional weapons.”
In one example, a cyberattack on the Odesa city council in southern Ukraine was carried out simultaneously with cruise missile strikes against the city.
However, according to James Andrew Lewis of the Center for Strategic and International Studies (CSIS), such coordinated kinetic and cyber warfare has largely failed to make much impression.
“Coordinating cyber and kinetic actions requires a high degree of planning and staff work that Russia either chose not to do or was incapable of doing,” he writes. “The timing of some Russian cyber operations suggests they were intended to support conventional operations but were unsuccessful.”
Russia has also been carrying out network penetration and espionage elsewhere, with Microsoft having identified network intrusion efforts against 128 organizations in 42 countries outside Ukraine.
However, it says, this targeting has been successful only 29% of the time, with just a quarter of these intrusions leading to exfiltration of an organization’s data that could be fully confirmed.
Russia’s attempts to misinform
Another major element of Russia’s campaign has been misinformation. This is a broad-brush effort, targeting the Russian population to drum up support for the war, as well as attempting to undermine Ukrainian confidence and targeting US and European populations to damage Western unity and blur the narrative.
These efforts, too, appear to have been largely unsuccessful – outside Russia, at least. While misinformation-tracking company NewsGuard recently identified 250 websites spreading Russian disinformation about the war, there’s little evidence that the world is falling for it in any significant way.
That, though, isn’t to say that Russian efforts won’t become more efficient. And, warns CSIS, China or even Iran may have learned from the Russian experience – with China better equipped than Russia, and likely to have better planning.
According to Atlas VPN, China has launched 24 cyberattacks this year, almost as many as Russia’s 27. And, it warns, with growing tension between China, Taiwan, and the US, such attacks could happen even more often in the second half of 2022.