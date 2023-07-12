As its campaign against Ukraine grinds on well into its second year, Russia appears to be making greater use of hacktivists, "patriotic" cybercriminals, and mercenaries in its attacks on the smaller nation. Meanwhile, Western countries neighboring Russia, including recent NATO entrant Finland, have seen an upsurge in hostile attacks that pose a threat to both businesses and government institutions.

Attacks by Russia against Ukraine's government, media outlets and utilities predate the full-scale invasion of its southern neighbor by Russian forces in February 2022, stretching back to the annexation of the Crimean Peninsula in 2014. Notable attacks include the NotPetya wiper malware in June 2017 and attacks on Ukraine's power grid in December 2015 that temporarily left about 225,000 customers without power. The latter was subsequently attributed to Sandworm, a unit of Russian military intelligence (GRU).

With the full-scale invasion of Ukraine, feared attacks leading to the degradation of critical infrastructure services failed to materialize -- thanks to the experience, preparations, and expertise of Ukrainian cyber-defenders. Assistance by Ukraine's Western allies also helped to build resilience in the face of determined assaults.

Russia's cyberattacks against Ukraine have surged

Cyberattacks have nonetheless continued throughout the conflict, accompanied by something of an upsurge in activity since the start of 2023. The Computer Emergency Response Team of Ukraine (CERT-UA) handled 701 incidents between January and April of 2023, with utilities at the sharp end of attacks. About a quarter of the attacks were aimed at government agencies and the military with many of the remainder targeting the power grid, finance, transport, telecoms, and other elements of Ukraine's critical infrastructure. This compares to 2,194 attacks logged by CERT-UA throughout the whole of 2022.

The aims of Russian cyber attackers include reconnaissance (gaining information about government and public infrastructure as well as citizens), destroying infrastructure, spreading panic and distrust in local authorities, and attacking the morale of the population through disinformation and propaganda.

Russian cyberattacks against Ukraine often coincide with physical strikes by rockets and missiles and drones, according to Victor Zhora, the deputy chairman and chief digital transformation officer of the State Service of Special Communication and Information Protection of Ukraine (SSSCIP). "In some cases, we observe the coordination between cyberattacks and kinetic attacks," Zhora says. "For instance, some cyberattacks can be disruptive to [elements of the] critical infrastructure, such as telecoms. In some cases, these attacks can amplify the psychological effect of kinetic attacks."