On Wednesday February 23, Russia announced its invasion of Ukraine through a “special military operation”. Since then, fighting has continued in Ukraine, and amid the turmoil, hacking groups from the region and around the world have taken sides, threatening cyber warfare against Russia, Ukraine or the United States.
After the first day of fighting in Eastern Europe, the hacking collective Anonymous, known for its Guy Fawkes masks and events such as “Troll ISIS Day”, took a stand on the situation. On Twitter, the group announced that it was “officially in cyber warfare against the Russian government”, sparking enthusiastic responses. A day after that announcement, the group apparently claimed responsibility for taking the Russian Defense Ministry website offline. In addition, the group may also have taken down the Kremlin website and compromised Russian TV channels to broadcast Ukrainian songs. However, it is not known who is behind these attacks at this time, according to VXUnderground on Twitter.
On the other side of the war, the Conti ransomware gang initially announced on February 25 that they “fully support the Russian government.” The message on the gang’s website explained that if anyone staged a cyberattack or war activities against Russia, the group would use “every resource possible to retaliate against an enemy’s critical infrastructure.” However, the band’s tone only seemed to change a few hours later, when it was explained that the band “does not ally itself with any government and condemn the ongoing war”, but will use its full capacity to retaliate against “Western warmongers” and “American cyber-aggression.”
The Conti ransomware gang has announced that it fully supports the Russian government and will take revenge against anyone who carries out cyberattacks against Russia. pic.twitter.com/u1VwPVQULO
— DarkTracer: DarkWeb criminal intelligence (@darktracer_int) February 25, 2022
Besides Conti, it seems that individuals are starting to fight in cyberspace against Russia and Ukraine. Yesterday the BBC reported on a Russian vigilante hacker who, with a team of six, “temporarily took down a number of Ukrainian government websites, flooding servers with data in denial of service (DDoS) attacks )”. In addition, this group allegedly sent bomb threats to 20 schools, hacked the live streams of a Ukrainian “rapid response team” and set up official Ukrainian government emails using servers. Ukrainian courier.
On the Ukrainian side, calls for volunteer defensive security professionals have been made by the Ukrainian Ministry of Defence. Yegor Aushev, the co-founder of a Kyiv-based cybersecurity firm, made the call to action at the request of a Defense Ministry official who initially contacted him on Thursday. However, Reuters reports that the Ukrainian government has not responded to a request for official comment on the matter.
#Russia from 9:00 UTC; The incident comes as the government clashes with social media platforms over the politics of the #Ukraine conflict 📉
Amidst these aggressors and their proxy cybergroups are the hard-hit Ukrainian and Russian civilians. For example, Russia is now believed to have begun to cut off its citizens’ external access to the world by blocking platforms such as Twitter, as noted above. As for Ukraine, internet service was interrupted throughout the country, with increased problems in the south and east of the country. While this could be attributed to the initial invasion, there could also be ongoing cyberattacks and incursions from Russia disrupting internet service. This, in turn, restricts communication and could potentially hamper the flow of intelligence and block coordination between citizens and soldiers, giving Russia a slight advantage.
Looking west, President Joe Biden is reportedly considering cutting Moscow off from SWIFT, the global backbone of financial transactions. While this could have a significant impact on Russian business, it could also have serious ramifications for the United States. Besides groups like Conti threatening to breach US infrastructure, cutting Moscow off from SWIFT could be seen as an act of war. Despite this concern, it is unclear whether the strength of its military and the will of its people will prevent Russia from acting on new sanctions like these.
With cyberspace becoming an increasingly important area for warfare, it seems everyone is slowly learning to navigate the many factors at play. In the next 48 hours, it will be worth watching what the West is doing in terms of new sanctions and how Russia is responding to them. Additionally, it will be interesting to see if any of the aforementioned hacking groups keep their word or, for those in Russia, only participate for the support and protection of their home country.
