Russia has hit Ukrainian cities with missile and drone strikes for much of the past month, targeting civilians and large swaths of the country’s critical infrastructure.
On Monday, 40% of Kyiv residents were left without water and widespread power outages were reported across the country. On Thursday, Ukrainian President Volodymyr Zelensky accused Russia of “energy terrorism” and said around 4.5 million Ukrainian consumers were temporarily disconnected from the power supply.
The destruction illustrates how indiscriminate bombing remains the Kremlin’s preferred tactic eight months into its war on Ukraine. Moscow’s vaunted hacking capabilities, meanwhile, continue to play a peripheral rather than central role in the Kremlin’s efforts to take down Ukraine’s critical infrastructure.
“Why burn your cyber abilities, if you are able to achieve the same goals through kinetic attacks?” a senior US official told CNN.
But experts who spoke to CNN suggest that the question of why Russia’s cyberattacks haven’t had a more visible impact on the battlefield is probably more important.
Effectively combining cyber and kinetic operations “requires a high degree of integrated planning and execution,” said a US military official who focuses on cyber defense. “The Russians can’t even pull off this sh*t between their aviation, artillery, and ground assault forces.”
The lack of verifiable information on successful cyberattacks during the war complicates the picture.
A Western cybersecurity-focused official said Ukrainians are unlikely to publicly reveal the full extent of Russian hacks’ impacts on their infrastructure and their correlation to Russian missile strikes. This could deprive Russia of insight into the effectiveness of its cyber operations and, in turn, affect Russia’s war planning, the official said.
Certainly, a wave of alleged Russian cyberattacks has hit various Ukrainian industries, and some of the hacks have been correlated to Russian military objectives. But the kind of high-impact hack that takes down power or transportation grids is largely lacking.
Nowhere has this been more evident than the past few weeks of Russian drone and missile strikes on Ukraine’s energy infrastructure. It is a stark contrast to 2015 and 2016 when, following Russia’s illegal annexation of Crimea, it was Russian military hijackers, not bombs, that sank more than a quarter of a million people. ‘Ukrainians in the dark.
“All Ukrainian citizens now live in these circumstances,” said Victor Zhora, a senior Ukrainian government cybersecurity official, referring to power outages and water shortages. “Imagine your ordinary day dealing with constant interruptions in electricity or water supply, mobile communication or any handset.”
Cyber operations targeting industrial facilities can take months to plan, and after the explosion in early October of a bridge connecting Crimea to Russia, Putin was “trying to get a large and showy public response to the attack on the bridge,” said a senior US official.
But officials told CNN that Ukraine also deserves credit for its improved cyber defenses. In April, Kyiv claimed to have foiled an attempt to hack electrical substations by the same group of Russian military hackers that caused blackouts in Ukraine in 2015 and 2016.
The human toll of the war eclipsed these triumphs.
Ukrainian cybersecurity officials have for months had to avoid bombings while doing their job: protecting government networks from Russian spy agencies and hackers.
Four officials from one of Ukraine’s main cyber and communications agencies – the State Service for Special Communications and Information Protection (SSSCIP) – were killed on October 10 in missile attacks, it said. the agency in a press release. The four officials had no cybersecurity responsibilities, but their loss weighed heavily on the agency’s cybersecurity officials in another dismal month of war.
Hackers linked to Russian spy and military agencies have for years targeted Ukrainian government agencies and critical infrastructure with a range of hacking tools.
At least six different Kremlin-linked hacking groups carried out nearly 240 cyber operations against Ukrainian targets during the build-up to and weeks after Russia’s February invasion, Microsoft said in April. This includes a hack, which the White House has blamed on the Kremlin, which disrupted satellite internet communications in Ukraine on the eve of Russia’s invasion.
“I don’t think Russia would measure success in cyberspace by a single attack,” the Western official said, rather “by their cumulative effect” of trying to wear down Ukrainians.
But there are now open questions among some US and Ukrainian private analysts and officials about the extent to which Russian government hackers have already used or “burned” some of their more sensitive access to Ukrainian critical infrastructure during attacks. previous attacks. Hackers often lose access to their original path in a computer network once discovered.
In 2017, as Russia’s Hybrid War in eastern Ukraine continued, Russia’s military intelligence agency unleashed destructive malware known as NotPetya that wiped out companies’ computer systems across Ukraine before spreading around the world, according to the Justice Department and private investigators. The incident cost the global economy billions of dollars by disrupting shipping giant Maersk and other multinational corporations.
That operation involved identifying widely used Ukrainian software, infiltrating it, and injecting malicious code to weaponize it, said Matt Olney, director of threat intelligence and interdiction at Talos, the Cisco Threat Intelligence Unit.
“It was all as surprisingly effective as the end product,” said Olney, who has a team in Ukraine that has been responding to cyber incidents for years. “And that takes time and it takes opportunities that sometimes you just can’t ward off.”
“I’m pretty sure [the Russians] wish they had what they burned during NotPetya,” Olney told CNN.
Zhora, the Ukrainian official who is SSSCIP’s vice president, called on Western governments to toughen sanctions on Russia’s access to software tools that could fuel its hacking arsenal.
“We should not rule out the possibility that [Russian government hacking] groups are currently working on very complex attacks that we will observe later,” Zhora told CNN. “It is very unlikely that all Russian military hackers and government-controlled groups are on vacation or bankrupt.”
Tanel Sepp, Estonia’s roving ambassador for cyber affairs, told CNN it’s possible the Russians are turning to a “new wave” of intensified cyberattacks as their battlefield struggles continue.
“Our main goal is to isolate Russia in the international arena” as much as possible, Sepp said, adding that the former Soviet state had not communicated with Russia on cybersecurity issues for months.