Russia’s full-scale invasion of Ukraine in February 2022 marked the start of what should be termed – in view of the extraordinary scale and style of the cyber activities that accompanied Russia’s military activities – the world’s second cyber war.
It gave the world insight into how digital operations would be integrated with real combat going forward.
Ukraine also showed the international community not only the vital importance of strong digital defenses but also the difficulty of implementing them. That difficulty arises from a partnership that extends beyond the help of European governments to include the key contributions of software companies in strengthening Ukraine’s cyber defenses.
In the months leading up to Russia’s full-scale invasion of Ukraine in February 2022, a series of attacks was launched against Russian targets. On January 13 of that year, Microsoft detected and reported ransomware that was targeting the Ukrainian Government and several non-profit businesses and IT companies.
That turned out to be part of a broader pattern of modern aggression attributed to Russia. The following morning, Russia escalated its cyber conflict, conducting a major cyberattack that affected several Russian government institutions and resulted in dozens of government websites being taken over by hackers.
In response, NATO stepped up its support for Ukraine in the cyber domain, which included providing Ukraine with access to NATO’s system for sharing information about malicious software.
The cyberattacks continued into mid-February, culminating in a distributed denial of service (DDoS) attack that temporarily disabled the online services of several Ukrainian government departments, financial institutions and radio stations. The attacks took down Ukraine’s two largest banks, PrivatBank and Oschadbank. PrivatBank had to release a statement assuring the public that there was no threat to depositors’ funds.
These attacks were intended to create panic and confusion and to destabilize Ukraine and were attributed to Russia’s Ministry of Defense Intelligence Directorate (GRU). On February 24, 2022, one hour before Russia began its full-scale invasion, a cyberattack with a wiper malware called AcidRain was launched against the American commercial satellite internet company Viasat, erasing all the data on its systems.
This attack not only caused outages for thousands of Ukrainian customers but also impacted wind farms and internet users in other European countries. Russia’s primary target was believed to be the Ukrainian military as it wanted to disrupt Ukrainian military communications at the onset of the Russian invasion, hindering Ukraine’s defensive capabilities as Russia invaded the country. Ukraine’s army relied on Viasat’s services for maintaining command and control.
Russia had attempted to coordinate cyberattacks with its ground invasion to maximize its operations on the ground and to showcase the devastating damage that could be caused to critical infrastructure ahead of an invasion. The most devastating attack on Ukraine’s critical infrastructure came in December 2023 when Russia took down Kyivstar, Ukraine’s biggest mobile network operator, damaging much of the telecom company’s IT infrastructure.
This could have been in retaliation for the hacking by Ukrainian intelligence of Russia’s state tax service (this attack happened right before the Kyivstar incident), which completely destroyed the agency’s infrastructure and will impact the functioning of the agency for years to come.
Over half of Ukraine’s people use Kyivstar and, as a result, millions were unable to receive lifesaving air raid alerts. Kyivstar CEO Oleksandr Komarov described the attack as “the biggest cyber attack on telco infrastructure in the world.”
Komarov also pointed out that Kyivstar has repelled over 500 attacks on its infrastructure since the full-scale invasion started.
Around 30% of the cashless payment terminals of PrivatBank – Ukraine’s largest bank – stopped working because they rely on Kyivstar’s mobile network.
The hackers were able to breach Kyivstar via a compromised account belonging to an employee.
The Kyivstar incident underscores a key cybersecurity lesson: even the most fortified infrastructures are vulnerable to breaches – often due to the human factor, which can serve as the weakest link in security defenses. Illia Vitiuk, head of the Security Service of Ukraine’s cybersecurity division, said that the hackers had been infiltrating Kyivstar since at least May 2023. He said that the attack should serve as a “big warning” to the West that no one is untouchable. Kyivstar had invested heavily in protecting itself but the cyberattack “completely destroyed the core of a telecoms operator.”
Following the Kyivstar attack by Russia, Ukraine retaliated with a cyberattack against Moscow-based water utility company Rosvodokanal, destroying the company’s IT infrastructure. Over 50 terabytes of data were deleted, “including internal document management, corporate email, backups, and even cybersecurity protections.”
Ukrainian hackers allegedly affiliated with Ukraine’s security services followed up by striking the Russian internet provider M9com on 9 January 2024; over 20 terabytes of data were deleted and Moscow residents lost internet and TV connections.
The IT Army of Ukraine followed up with an attack on the Moscow-based internet provider, Qwerty, which was taken offline for over three days.
Also, in January 2024, Ukraine’s military intelligence agency conducted a cyberattack on IPL Consulting, a company that supports Russia’s heavy industry and its military-industrial complex, reportedly obliterating the firm’s IT infrastructure.
After infiltrating and deleting over 60 terabytes of data from IPL Consulting’s network, Ukrainian cyber experts destroyed numerous servers and databases, with the total cost of the damage still under assessment. The Russia–Ukraine cyber war is becoming more aggressive than ever and will continue to expand in the future to potentially more devastating critical infrastructure targets.
This is part six of a series, ‘Lessons from the first cyberwar.’
David Kirichenko is a Ukrainian-American security engineer and freelance journalist. Since Russia’s full-scale invasion of Ukraine in 2022 he has taken a civilian activist role.
These articles are excerpted, with kind permission, from a report he presented at the UK Parliament on February 20 on behalf of the Henry Jackson Society.