Cyberwarfare

Cyberwar In The Ukraine Conflict

At this moment, the globe is suffering in unexpected ways.

The Ukrainian crisis has burst into a major confrontation, and no matter what happens next, the world will never be the same. We know people and conference organizers who live in both Ukraine and Russia and, needless to say, we hope that the crisis can be resolved.

There is little question that the human cost will outlast the impacts of artillery, and we hope that calmer heads will triumph eventually and fast, especially with the threat of nuclear war looming large. At least, this is what we all hope for.

But what about Cyberwar? Was it effective? Where can you learn more?

Cyberwar Attacks Have Increased Significantly

Immediately following the outbreak of the war, a spike of over 900 percent in suspected Russian-sourced cyber-attacks was reported within a two-day period.

United States cybersecurity agencies, the FBI, and the Department of Homeland Security have all issued high-level alerts about threat levels, readiness, and response. This is the most urgent situation imaginable. Today, hostile cyber warfare is one of the key instruments of the contemporary global military, and there is little doubt that this chain of global events has been planned for quite some time. Historically, when geopolitical tensions are high, malevolent state-sponsored cyber-activities have increased.

We don’t know what kind of assaults will develop, or which will succeed, but given the history of prior international attacks, we must keep a lookout for:

  • Advanced Persistent Threats (APTs)
  • Malware
  • Ransomware
  • DDoS
  • Network attacks

Cyberwar Knowledge. Where Can You Learn More?

One of the most recommended ways to learn more about this subject matter is by attending Cyberwar Conferences. We list all the major ones that take place every year.

Ukraine’s And The World’s Future Is Unknown And Frightening

Following the start of hostilities on Thursday, the European Union, the United Kingdom, and the United States all imposed hefty economic penalties against Russia. The European Union sanctions issued by President von der Leyen include limiting Russian access to modern technology and software in order to undermine Russia’s future military-industrial capacity and economic potential. Other international penalties will freeze Russian assets and impede the use of global banking networks and Western markets by Russian financial institutions and people.

Sanctions and a breakdown in diplomatic ties between Russia and the West must also be addressed in terms of Russia’s likely response. Several warnings have recently been issued by Western cybersecurity authorities. The European Union Agency for Cybersecurity (ENISA) and CERT-EU, the United Kingdom’s National Cyber Security Centre (NCSC), and the United States’ Cybersecurity and Infrastructure Security Agency (CISA) have all issued advisories urging organizations to strengthen their security posture in preparation for the heightened cyber threat environment created by the situation in Ukraine.

CISA Alert AA22-011A offers a bleak picture of the scope of hostile cyber activities ascribed to Russian Advanced Persistent Threats (APTs) directed at Western targets over a long period of time.

There is evidence that the cyberspace war in Ukraine is already well under way, with patriotic Russian hackers launching DDoS attacks against Ukrainian government and defense organizations in tandem with the Russian military’s coordinated operations.

However, direct hacking is not the only risk to which Western firms may be vulnerable. CISA issued Alert TA17-181A in 2017 after the NotPetya data encryption assault was conducted against users of Ukrainian tax accounting software. The malware’s lateral movement extended its reach well beyond the intended target.

The infection quickly propagated throughout the linked networks that comprise the contemporary economy by using user credentials stored in memory. The breach experienced by the shipping and logistics company, Maersk, is one illustration of the possible consequences of assaults like NotPetya. Despite not being the intended target of the ransomware, Maersk networks were breached by the hack, which resulted in 50,000 infected endpoints spread over 320 facilities in 150 countries, necessitating repair. The cost to Maersk was estimated to be roughly $320 million, but with the corporation controlling 18% of worldwide container transportation, the potential economic impact of a targeted and prolonged cyberattack is evident.

Organizations in the West should also be wary of cyberattacks used to acquire unauthorized access to financial assets and to undertake espionage operations to get sanctioned technological skills. While national cybersecurity authorities’ advice emphasizes network perimeter management and monitoring, the SolarWinds Orion software supply chain assault in 2020 taught us that network security should be seen as fragile.

CISA Alert AA20-352A describes the cyberattack that affected SolarWinds Orion clients and demonstrates the scope of its impact, which included US government agencies, critical infrastructure groups, and private sector companies. As Russia and other nation-state adversaries are expected to direct future cyberattacks at the acquisition of sensitive technical data, cryptocurrency theft to offset foreign exchange restrictions, or targeted disruption of the critical infrastructure supporting Western economies, increased defense in depth inside the network perimeter will be critical to the protection of data and applications.

Some analysts see the February 26, 2013, publication in the Military-Industrial Kurier (VPK) of an article titled “The Value of Science in Foresight” [in Russian] by the Russian Chief of General Staff, General Valery Gerasimov, as a watershed moment in Russian military doctrine and the start of an explicit hybrid cyberwarfare strategy.

Indeed, information and cyber operations were key to Russia’s 2014 invasion of the Crimean Peninsula. Nonetheless, the main point of Gerasimov’s paper is that new techniques of fighting may be devised to compensate for asymmetric disadvantages caused by a stronger opponent force. Such approaches need the use of the whole military-industrial complex to produce technological and tactical advancements, the fruits of which can be seen in the expansion of APT actors and computational propaganda operations noticed by Western countries and their allies.

While we can only hope for a quick conclusion to the war in Ukraine, the long-term effects of Russian military participation will go well beyond the battlefield. Gerasimov’s lesson is that renewed attention and rapid invention and adoption of new technologies to safeguard the data and apps on which Western societies rely is now a need, not a choice.

In Conclusion

In what has been dubbed the “fifth realm” of military operations, differences between war and peace, combatant and civilian, state actor and criminal proxy are blurred.

If you’re interested in learning more about the “fifth realm”, we’d recommend this article from the Journal of International Relations.

Collective cybersecurity in reaction to the rising threat of cyberattack would necessitate not just governmental leadership, international coordination, and industry collaboration, but also active engagement of firms and individuals in the manner of Cold War civil defense. We are all now on the front lines of cybersecurity as a result of the disruption in the international order caused by Russia’s military activity in Ukraine.

The Fascinating Ineptitude Of Russian Military Communications

It’s clear to all military observers that the Russian invasion of Ukraine has not gone to plan.

What’s fascinating to me is the fact that Russian military units are using unencrypted channels for their communication. It’s a bit like using plain old FTP to access your web server.

The Video

This video, created by the New York Times, features radio transmissions intercepted from Russian soldiers in Ukraine.

What you hear in the video are real-time battlefield communications between rank and file units on the front lines.

The video clearly reveals a Russian military that is facing major challenges in getting air support and fuel, and even possibly committing war crimes. It’s not clear to many analysts and Western intelligence why some Russian military units are using unencrypted frequencies. What it means is that people with access to a radio receiver can listen in and record their conversations or interfere.

One of the key objectives of cyber warfare is jamming the opponent’s communications while still being able to transmit encrypted communications of your own, for obvious reasons. Many of the cyber warfare events that we list address these two major military priorities.

The folks at the New York Times collected hundreds of recordings painstakingly captured by ham radio operators and open source groups across the world. These groups include the following:

The video above focuses on radio intercepts from the first 24 hours of the Russian assault on Makariv, a small town along a strategic highway heading towards Kyiv.

These intercepts provide a unique, unadulterated look into the activities of an invading force beset by communication and logistical issues.

Is This Video Legit?

So how did the creators of this footage determine these were Russian troops speaking? By combining visual evidence and eyewitness testimonies with these radio interactions. Listen to this transmission of combat in the hamlet of Motyzhyn, for example. Yug-95 claims that his unit withdrew from the conflict and lost an armored vehicle known as an MT-LB. This corresponds to a Telegram message from Makariv’s mayor about an hour earlier, as well as recordings confirmed by The New York Times showing Russians entering Motyzhyn that afternoon.

In this video you can also see Russian armour littering the area the next day, including at least one MT-LB, as Yug-95 reported.

Motyzhyn is just one of many specific battle locations around Makariv that we heard Russian troops mention on the radio intercepts. They cross-checked these with visuals we geolocated to document sites and times of Russian military activity.

What they were able to capture are mostly visual and audio fragments, not necessarily the full sequence of events. By stitching these fragments together, the video creators were able to piece together the dynamics that were playing out on the ground during the initial attack on Makariv, which was a quiet location until late February 2022. Locals see Russian military trucks heading into the neighborhood that morning. Russian servicemen may be heard on the radio delivering tactical updates within hours. Throughout the invasion, Russians publicly reveal attack plans for all to hear. Their language is frequently abrasive. Residents may witness firefights raging from their windows.

Incompetence?

In the video you can hear repeated orders to strike an entire residential area after it’s cleared of so-called property, which is likely code for Russian personnel or equipment. Visual evidence and interviews show multiple instances where Russians appeared to have openly fired on civilians around Makariv. The security camera footage (as seen in the embedded video above) shows a Russian armored vehicle firing several rounds into this sedan without any apparent warning or provocation. The passengers, an elderly couple, were killed instantly.

Russian soldiers did suffer considerable losses, as evidenced by videos and photographs. We also hear a panicked transmission from a unit under assault at one moment. There are also times when the call sign Buran-30 (a call sign operator) sounds as though he is on the verge of crying.

In a series of radio exchanges, you can hear how communication issues delay crucial pleas for air support despite growing fatalities. Air support has yet to come after thirty minutes. According to video footage, several Russian regiments were not only assaulted, but also abandoned. The radio conversation is rife with troops who are short on essential supplies.

HAM Radio Jamming

Ukrainian interlopers taunting Russian troops on their open radio channels pose a new threat to Russian forces.

Russian military units are now communicating with additional code phrases and telephones, but communications are still being disrupted.

Many generals have been utilizing unprotected phones and radios, which has resulted in at least one of them being tracked down and assassinated by Ukrainians.

The battle is still going on, and we’re all hoping for a quick resolution.