Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar

Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.

Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.

“We are really a swarm. A self-organizing swarm,” said Roman Zakharov, a 37-year-old IT executive at the center of Ukraine’s bootstrap digital army.

Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.

Zahkarov ran research at an automation startup before joining Ukraine’s digital self-defense corps. His group is StandForUkraine. Its ranks include software engineers, marketing managers, graphic designers and online ad buyers, he said.

The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.

“Both our nations are scared of a single man — (Russian President Vladimir) Putin,” said Zakharov. “He’s just out of his mind.” Volunteers reach out person-to-person to Russians with phone calls, emails and text messages, he said, and send videos and pictures of dead soldiers from the invading force from virtual call centers.

Some build websites, such as a “site where Russian mothers can look through (photos of) captured Russian guys to find their sons,” Zakharov said by phone from Kyiv, the Ukrainian capital.

Advertisement. Scroll to continue reading.

The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.

It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.

A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

But is it legal? Some analysts say it violates international cyber norms. Its Estonian developers say they acted “in coordination with the Ministry of Digital Transformation” of Ukraine.

A top Ukrainian cybersecurity official, Victor Zhora, insisted at his first online news conference of the war Friday that homegrown volunteers were attacking only what they deem military targets, in which he included the financial sector, Kremlin-controlled media and railways. He did not discuss specific targets.

Zakharov did. He said Russia’s banking sector was well fortified against attack but that some telecommunications networks and rail services were not. He said Ukrainian-organized cyberattacks had briefly interrupted rail ticket sales in western Russia around Rostov and Voronezh and knocked out telephone service for a time in the region of eastern Ukraine controlled by Russian-backed separatists since 2014. The claims could not be independently confirmed.

A group of Belarusian hacktivists calling themselves the Cyber Partisans also apparently disrupted rail service in neighboring Belarus this week seeking to frustrate transiting Russian troops. A spokeswoman said Friday that electronic ticket sales were still down after their malware attack froze up railway IT servers.

Over the weekend, Ukraine’s minister of digital transformation, Mykhailo Fedorov, announced the creation of an volunteer cyber army. The IT Army of Ukraine now counts 290,000 followers on Telegram.

Zhora, deputy chair of the state special communications service, said one job of Ukrainian volunteers is to obtain intelligence that can be used to attack Russian military systems.

Some cybersecurity experts have expressed concern that soliciting help from freelancers who violate cyber norms could have dangerous escalatory consequences. One shadowy group claimed to have hacked Russian satellites; Dmitry Rogozin, the director general of Russia’s space agency Roscosmos, called the claim false but was also quoted by the Interfax news agency as saying such a cyberattack would be considered an act of war.

Asked if he endorsed the kind of hostile hacking being done under the umbrella of the Anonymous hacktivist brand — which anyone can claim — Zhora said, “We do not welcome any illegal activity in cyberspace.”

“But the world order changed on the 24th of February,” he added, when Russia invaded.

The overall effort was spurred by the creation of a group called the Ukrainian Cyber Volunteers by a civilian cybersecurity executive, Yegor Aushev, in coordination with Ukraine’s Defense Ministry. Aushev said it numbers more than 1,000 volunteers.

On Friday, most of Ukraine’s telecommunications and internet were fully operational despite outages in areas captured by invading Russian forces, said Zhora. He reported about 10 hostile hijackings of local government websites in Ukraine to spread false propaganda saying Ukraine’s government had capitulated.

Zhora said presumed Russian hackers continued trying to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — to infect the devices of individual citizens. Three instances of such malware were discovered in the runup to the invasion.

U.S. Cyber Command has been assisting Ukraine since well before the invasion. Ukraine does not have a dedicated military cyber unit. It was standing one up when Russia attacked.

Zhora anticipates an escalation in Russia’s cyber aggression — many experts believe far worse is yet to come.

Meantime, donations from the global IT community continue to pour in. A few examples: NameCheap has donated internet domains while Amazon has been generous with cloud services, said Zakharov.

RelatedRussia, Ukraine and the Danger of a Global Cyberwar

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cyberwarfare

ENISA and CERT-EU warn of Chinese threat actors targeting businesses and government organizations in the European Union.