Cyber-attacks have played a major role in the build up to Russia’s invasion of Ukraine as western agencies uncovered a new malware being used to target Ukrainian banks and institutions.
Over the past few weeks, Ukraine’s government departments and financial institutions have been subjected to an ambush of cyber-attacks carried out by Russian-backed actors.
The severity of these attacks has seeped outside of Ukraine’s boarders with the US, UK, Poland and Lithuania among the countries warning that organizations should prepare for Russian-backed cyber-attacks within their own territories.
In a statement released on 24 February 2022, the UK’s National Cyber Security Centre (NCSC) said: “Following Russia’s further violation of Ukraine’s territorial integrity, the NCSC has called on organizations in the UK to bolster their online defenses.”
Cyber-attacks on Ukrainian institutions continued both before and after Vladimir Putin’s announcement of the "special military operations" in the Donbas region on 24 February 2021.
Recent attacks saw Ukrainian government sites and banks hit by a distributed denial-of-service (DDoS) attack which disrupted sites including the Ministry of Foreign Affairs, Ministry of Defense, Ministry of Internal Affairs, the Security Service of Ukraine and Cabinet of Ministers.
NetBlocks, an internet mapping organization, also confirm a significant disruption to internet service in Kharkiv, Ukraine’s second largest city, on the morning of 24 February 2022.
New malware detected
Following the latest cyber-attacks, UK and US agencies, including the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI), delivered a joint statement about a new malware associated with the GRU, Russia’s intelligence agency.
The joint advisory said that a new malware, dubbed Cyclops Blink, had been identified and was being used by the actor Sandworm, also known as Voodoo Bear, and is likely a replacement for the VPNFilter malware exposed in 2018.
The deployment of Cyclops Blink could allow Sandworm to remotely access networks.
An advisory from the NCSC said: “[Cyclops Blink] has been deployed since at least June 2019, fourteen months after VPNFilter was disrupted. In common with VPNFilter, Cyclops Blink deployment also appears indiscriminate and widespread.”
Cyber-attacks will continue
Speaking on the attacks, Melissa Griffith, senior program associate with the Science and Technology Innovation Program at The Wilson Center in Washington, DC, said that these types of cyber operations were here to stay.
“The risks they pose and the harms they cause cannot be ignored,” she said. “States in general and Russia, in particular, can and have leveraged them to shape the environment (or circumstances) in their favor through intelligence collection and sabotage, as well as spreading fear, uncertainty, and distrust. These operations directly and negatively impact Ukrainians' lives.”
Griffith added that the recent cyber operations and DDoS attacks were just one element of a much larger and pressing set of national security concerns, with cyber-attacks just one piece of the build-up that has ultimately led to land warfare.
“The consequences from a land war are far graver than any cyber operation Russia has carried out or may carry out in the future,” Griffith remarked.
Image: Russia launched military operations against Ukraine following a slew of cyber-attacks (Source:Wiki Commons)