On March 19, the State Service for Digital Protection of Ukraine released its weekly report, in which it claimed 3,000 cyberattacks against the country since the Russian invasion began on February 24. Some of them can be found mentioned on the timeline offered by the Cyber Peace Institute website since the beginning of the conflict: among the most recent ones are phishing campaigns aimed at Ukrainian citizens and organizations, as well as the government and the armed forces.
The Russian hacker criminal group InvisiMole is said to be behind one of these campaigns. Following the invasion of Ukraine, ContiLeaks has also been a topic of discussion: the publication of the encrypted chats of members of the Conti Gang, the most notorious criminal group operating in Russia, which on February 24 communicated its “full support of the Russian government” and the use of “all possible resources to strike at the critical infrastructure of the enemy.”
In the official Ukrainian report, it is stressed that these attacks are concentrated “on the financial and state sectors, as well as on telecommunications.” Still, what continues to be remarkable is the limited destructive impact that these attacks have had so far, a mystery that many have tried to solve by now, a month after the outbreak of the conflict.
The official Ukrainian narrative is understandably aimed at diminishing the offensive capabilities of the enemy: “The potential of Russian hackers is probably overestimated,” reads the report, “because under the current conditions they have proved incapable of organizing sophisticated cyberattacks.”
This analysis is echoed by U.S. General Paul Nakasone, director of the NSA and commander of the U.S. Cyber Command. Questioned on the matter before the Senate Intelligence Committee, he emphasized the “hard work” done by the agencies to fortify Ukraine’s digital defenses after the devastating attack with the NotPetya ransomware in 2017.
But as analyst Jacquelyn Schneider told the New Yorker, the explanation could be even simpler, and more dramatic: what’s the point of digitally damaging infrastructure that’s being razed to the ground?
“If you’re already at a stage in a conflict where you’re willing to drop bombs, you’re going to drop bombs.”
But the Ukrainian report also points out that the Russian digital effort is now focused consistently on defense: shielding itself in turn from hacker incursions against Russia and its infrastructure. This includes the operations of the digital war declared on Russia by Anonymous.
Here as well, the information circulating has a high chance of being misleading. On Friday, one of the Twitter profiles claiming to have a link with the group triumphantly announced they had hacked the Russian Central Bank, and that they would release more than 35,000 confidential files within 48 hours. However, this was denied by another account tied to the group, which asked people to wait for the evidence of the “hit.”