Russia-Ukraine Tensions May Strike World War Fears, But There’s New Battleground in Town: The Cyber Space

The world has changed over the last few decades, and so have traditional methods of war, which now take in a new area to attack and incapacitate: a country’s cyber space. With tensions flaring up between Russia and Ukraine, and the West in the fray, there is a lot to watch out for in terms of possible cyber attacks by the country, which has been connected to similar operations in the past, NotPetya and WannaCry in 2017.

This time around, however, these could spill over globally, according to reports, prompting a cyberwar on a bigger scale than ever seen before. News18 takes a deeper look into the issue:

The Now: Operation ‘Bleeding Bear’ and WhisperGate

On Tuesday, Ukraine’s defense ministry networks and two banks were knocked offline, with Ukraine’s information security center pointing the finger at neighboring Russia.

In another attack, last month, approximately 70 Ukrainian government websites were defaced, and the hackers disseminated ominous messages in Ukrainian, Russian, and sloppy Polish, according to a report by NPR.

It appeared to be a large-scale attack, but it only affected one content management system for all of those websites, Jenna McLaughlin said, adding that according to cyber security experts, it was a fairly ‘unsophisticated’ operation, linked to a hacking group with ties to Belarus and the Russian military.

McLaughlin further mentioned that potentially destructive malware was also discovered on devices belonging to several Ukrainian companies and agencies by Microsoft. The hackers disguised it as ransomware, but when activated, it wipes data and renders devices inoperable, she had said, adding that the data attacked would not be recovered.

She flagged that Ukrainian authorities had also reported hackers looking for vulnerabilities in the energy sector, which could be ‘potentially more concerning’. The report mentions that Ukrainian officials have blamed Russia for both attacks, in their operation called ‘Bleeding Bear’. The code of the attacks is being studied by researchers worldwide, it says.

Experts said that the malware, called ‘WhisperGate’, is also “reminiscent” of NotPetya, but added that there were structural differences between the two. NotPetya also pretended to be ransomware, but it was a purely destructive and highly viral piece of code. While WhisperGate followed a similar operation, it is less sophisticated and is not intended to spread as quickly. Russia has denied any involvement, and no conclusive evidence points to Moscow, said a report by MIT Technology Review.

John Hultquist, head of intelligence for the cybersecurity firm Mandiant, predicts similar cyber operations by Russia’s military intelligence agency GRU, the organisation responsible for many of the most aggressive hacks in history, both inside and outside Ukraine, the report says.

The report mentions that the GRU’s most notorious hacking group, Sandworm, is credited with a long list of greatest hits, including the 2015 Ukrainian power grid hack, the 2017 NotPetya hacks, interference in US and French elections, and the Olympics opening ceremony hack in the aftermath of a Russian doping scandal that resulted in the country being barred from participating in the games.

The Then: NotPetya, Ukrainian Power Grid Hack

The 2017 NotPetya cyberattack was aimed at Ukrainian private companies before spreading and destroying systems all over the world. Andy Greenberg, senior writer for WIRED, previously said: “Ukraine has been locked in a grinding, undeclared war with Russia for the past four and a half years, killing over 10,000 Ukrainians and displacing millions more. The conflict has also seen Ukraine become a scorched-earth testing ground for Russian cyberwar tactics.”

“In 2015 and 2016, while the Kremlin-linked hackers known as Fancy Bear were busy breaking into the US Democratic National Committee’s servers, another group of agents known as Sandworm was hacking into dozens of Ukrainian governmental organisations and companies. They penetrated the networks of victims ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data. In this conflict between the two nations, the Russian hackers, in June 2017, came out with one of the most devastating cybersecurity breaches to attack networks of victims via encrypted code, ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data. This idea of destruction gave birth to NotPetya, a much bigger threat to the world than the infamous WannaCry malware,” Greenberg said in an excerpt of his book Sandworm, which chronicled the birth of the cyberattack.

In an excerpt from Sandworm, the author said the malware spread not only to its intended victim, Ukraine, but also to numerous machines around the world, ranging from hospitals in Pennsylvania to a chocolate factory in Tasmania. It ate into multinational corporations such as Maersk, pharmaceutical behemoth Merck, FedEx’s European subsidiary TNT Express, French construction behemoth Saint-Gobain, and FMCG behemoths Mondelez and Reckitt Benckiser. And, as its creators had not anticipated, NotPetya spread back to Russia, wreaking havoc on the state oil company Rosneft.

According to confirmation received by WIRED from former Homeland Security adviser Tom Bossert, the total loss in damages from this attack was more than $10 billion. During the investigation and study of the malware, Bossert was the most senior cybersecurity-focused official in the administration of US President Donald Trump. Even the infamous WannaCry ransomware, which spread a month before NotPetya in May 2017, was estimated to cost between $4 billion and $8 billion.

In another concerning attack, on December 23, 2015, a cyberattack on Ukraine’s power grid resulted in power outages for approximately 230,000 Ukrainians for 1-6 hours. The attack occurred during Russia’s ongoing military intervention in Ukraine and is attributed to “Sandworm”. It was the first successful cyberattack on a power grid that has been publicly acknowledged.

The hackers compromised the information systems of three Ukrainian energy distribution companies, causing the electricity supply to be temporarily disrupted. According to reports, 30 substations (seven 110 kV substations and 23 35 kV substations) were turned off, leaving approximately 230,000 people without power for 1 to 6 hours.

The US is Also Alert, and Further Cyber Attacks Could Have Global Ramifications

US agencies on Wednesday issued a warning to US-cleared defence contractors (CDCs) about possible cyberattacks by Russian state-sponsored actors, Reuters reported. According to a joint advisory issued by the Federal Bureau of Investigation, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA), such cyber targeting was observed from at least January 2020 to February 2022.

“These ongoing intrusions have enabled the actors to obtain sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology,” according to the advisory.

The agencies urged all cleared defence contractors to take the recommended countermeasures regardless of whether they have been compromised.

A DHS intelligence bulletin suggested that if Russia invades Ukraine, a US or NATO response to the invasion could prompt Russia to launch a cyber offensive against US targets, VentureBeat said in a report, adding that according to the January 23 bulletin, the attacks could range from “low-level denials of service to destructive attacks targeting critical infrastructure.”

Regulators in Europe and the United States had also earlier warned banks that Russian cyberattacks related to Ukraine tensions posed an imminent threat and urged them to prepare, Reuters had reported.

With inputs from Reuters
