Ukraine Cyber Defenders Prepare for Winter
Russian Hackers Target Energy, Law Enforcement Sectors
Ukrainian cyber defenders are girding for an onslaught of cyberattacks against energy and other critical infrastructure sectors as cold weather returns to the country, currently in its second year of fending off a Russian war of conquest.
That warning from the State Service of Special Communication and Information Protection of Ukraine comes as Kyiv has observed Russian state hackers also stepping up attacks against law enforcement in a likely bid to keep tabs on the gathering of evidence concerning war crimes, the agency said in a Tuesday report.
"Particularly in spring, we observed their particular focus in targeting of law enforcement and prosecutor general office. And our conclusion is that this activity is directly linked to their goal of finding information about prosecutions and about investigations on Russian cyber war criminals," SSSCIP Chief Digital Transformation Officer Victor Zhora told reporters during a Tuesday press conference. Besides spying on information submitted to international tribunals, Moscow may be attempting to get ahead of Ukrainian criminal prosecutors by shuttling suspected war criminals to Russia, Ukraine said.
A commission established by the United Nations Human Rights Council said Monday there is "continuous evidence" of Russian war crimes in Ukraine, including attacks against civilians and against the energy sector. Russia did not respond to the commission's findings, which include systematic torture and rape, Reuters reported. On Thursday, Russia resumed cruise missile attacks against the Ukrainian energy sector after a six-month lull, the news wire also reported.
Although missiles - for obvious reasons - are the principal weapon in Russia's power outage arsenal, Russian military intelligence hackers known as Sandworm have not stopped digital forays into the Ukrainian power grid.
Sandworm, also tracked as Seashell Blizzard and Voodoo Bear, has targeted Ukraine with cyberattacks for more than half a decade. The attacks include two disruptions of the electricity grid prior to Russia's February 2022 invasion of its European neighbor.
In the past six months, Sandworm has deployed new wiper malware variants, including at energy infrastructure, with the intention of causing outages and ruining computer equipment, the SSSCIP report states.
"Unfortunately, since the winter is coming, the risks in critical infrastructure and particularly in the energy sector are getting higher," Zhora said.
Information concerning the Zaporizhzhya nuclear plant is also a target of Russian cyberespionage, the report says. It is Europe's largest nuclear facility, located roughly 100 miles from the front line of fighting on Russian-controlled territory.
Pro-Russia hacktivist groups such as Turla, XakNet, KillNet, NoName057(16), Anonymous Russia and Cyber Army of Russia remain active, the SSSCIP also writes. Ukrainian and outside experts say the groups' main usefulness to the Kremlin is in information operations rather than actual hacking (see: KillNet DDoS Attacks Further Moscow's Psychological Agenda).
But they also serve as potential reserves or new recruits for state hacking groups, Zhora told reporters. Russian intelligence agencies monitor the groups' Telegram channels for talent they can recruit, particularly as state hackers look to add more manpower to their operations, he said.