
As Russia amasses troops, Ukraine battles another threat: Digital warfare

A new wave of cyber operations began in earnest Jan. 13, when computers in Ukraine started showing signs of the first serious hacking campaign since Russia’s troop buildup.
Members of the Ukrainian State Border Guard Service patrol the area near the frontier with Russia in the Chernihiv region, Ukraine on Feb. 16, 2022. Valentyn Ogirenko / Reuters

Ukrainian officials frantically spread news Tuesday that their country was under cyberattack, with different arms of the government announcing different findings.

Ukraine’s State Service of Special Communication and Information Protection said that four major websites, two related to the military and two of the country’s largest banks, had been knocked offline by hackers who flooded them with web traffic. Meanwhile, the country’s Cyber Police announced a mysterious new scam: Ukrainians’ cellphones were flooded with text messages that ATMs no longer worked in the country. It was unclear whether any ATMs were actually disabled.

There’s no indication anyone’s bank accounts were affected, and most systems were restored within several hours. But the average Ukrainian probably got the message, said John Hultquist, the vice president of threat intelligence at the cybersecurity company Mandiant. 

“It’s all about undermining confidence in institutions in Ukraine,” he said. “You make people doubt that financial services are secure, that your money is secure.”

Since November, Russia has massed an estimated 130,000 troops along its borders with Ukraine, creating a monthslong standoff and ongoing warnings that armed conflict is possible, if not likely. While that tension hasn’t spilled into an all-out war, Ukraine has been repeatedly harassed with digital tactics: cyberattacks and attacks on its information operations. While Russia has denied responsibility, cybersecurity experts and Western officials say there’s little chance anyone else is behind them, given Russia’s current military activity and its long history of similar tactics against Ukraine.

Armed conflict in the region began in 2014 when Russia invaded and annexed the Crimean Peninsula and began supporting the breakaway regions of Luhansk and Donetsk, leaving 14,000 dead.

A new wave of cyber operations began in earnest Jan. 13, when computers in Ukraine started showing signs of the first serious hacking campaign since Russia’s troop buildup. Computers at dozens of Ukrainian organizations, including nonprofit groups, information technology companies and more than 70 government websites, were infected with malicious software that appeared to be ransomware, a common criminal tactic to lock up computers.

While criminal ransomware hackers demand that victims pay for a key to make their computers usable again, an analysis from Microsoft found that this program was written so that there was no recovery key. The ransomware was merely a pretext to wreck Ukrainian computers, and the country’s Ministry of Foreign Affairs announced it suspected Russia was responsible.

That hack echoed arguably the most destructive cyberattack in history: NotPetya. Unleashed in 2017 by Russian intelligence, it also mimicked a ransomware attack and was deployed to infect Ukrainian computers. But NotPetya went too viral, spreading across the world and hamstringing accidental victims such as the Danish shipping giant Maersk and the pharmaceutical company Merck. The United States imposed sanctions against Russia in 2018, in part because of NotPetya.

Russia has also been accused of conducting recent information warfare. The U.S. and the United Kingdom have repeatedly warned since January that Moscow has planned to disseminate false information about Ukraine attacking either Russia or Russian speakers within its borders as a potential pretext to invade Ukraine.

On Feb. 8, the Security Service of Ukraine said it had arrested operators of two troll farms, both under Russian supervision, which had created 18,000 social media accounts and were deliberately sowing panic in Ukraine.

The U.S. also believes that Russia’s spies have recently revived a decades-old tactic of planting pro-Kremlin articles in friendly news outlets. White House officials told reporters Tuesday that writers at Russia’s Strategic Culture Foundation, which the U.S. sanctioned last year as a front for Russian intelligence, have been planting articles for Ukrainian audiences. They also have published articles critical of Ukraine and U.S. support for it in Zero Hedge, a conservative English-language financial site. Zero Hedge denied the claims.

Gavin Wilde, a Russia analyst at the Krebs Stamos Group, a cybersecurity company, said that the combined digital tactics aimed at Ukraine are part of a larger effort to destabilize the country Russia may invade.

“The relatively low level of sophistication of the kinds of attacks we’ve seen thus far, coupled with the disinformation components that U.S. and U.K. officials have exposed, points to Ukrainian sociopolitical cohesion as the Kremlin’s ultimate target,” he said.