News
Toby Lewis Commentary on Russian Cyberattacks on Ukrainian Infrastructure
September 2022 by Toby Lewis, Global head of threat analysis de Darktrace
Russia has shown an intent since their invasion to disrupt the critical infrastructure of Ukraine as part of an effort to hinder their defence - this includes the attacks against the ViaSat communications network on the day of the invasion, as well as the deployment of Indestroyer2 Wiper malware in April.
With effective counter-attacks by Ukrainian defenders pushing Russian troops further back and with increasing political and public unrest over the recent mobilisation proclamation, Russia is increasingly looking at the remaining cards it can play, and cyber-attacks have the potential to provide quick wins with no human cost for Russia.
In the run up to the invasion, many commentators were concerned about a Russian cyber-attack of international proportions with sweeping collateral damage as we saw with NotPetya in 2017. In reality, Russia was able to deploy it’s wiper malware directly into target networks, likely as a result of a pre-existing network compromise. But as the war has progressed, those pre-existing compromises will have been gradually burnt by each cycle of incident response by the Ukrainian authorities, and there will come a point where Russia may have to resort to more indiscriminate attempts to deploy their capabilities. It is at this point that the potential threat for those outside of Ukraine escalates, as those cyber operations become more haphazard and less targeted.
The Ukrainian Government has recently been able to get ahead of the attackers to issue a fairly specific warning before an attack has commenced. This demonstrates the use of intelligence, possibly supported by allied partners across Europe and NATO, to be able to see inside the planning and preparation of cyber operations and potentially provide tangible resilience against future attacks.
