In addition, the SSCIP and CERT-UA found Russian information operations also heavily consisted of disinformation campaigns, identifying the Media sector as a key target, where targeting resources and or accounts. Disinformation campaigns support Russia to undermine the truth, sow discord, and limit access to timely and accurate information . By influencing public opinion, Russia continues its attempts to undermine confidence in Ukrainian policies and government, and to destabilise international support for Ukraine. This is of course not new, as we have historically observed Russia engage in widespread disinformation campaigns, and we are likely to observe this as the war continues into 2024.
In the opposing corner, the IT Army of Ukraine disrupted Russian Internet providers in territories occupied by Russia, “Miranda-media”, “Krimtelekom” and “MirTelekom”. Over the last two years, hacktivism has underscored the increasing prevalence of non-traditional actors participating in cyberwarfare, and war more generally. Whilst this has taken the shape of both state-backed and non-state-backed hacktivism, the latter has been notably evident in both sides of the war. Concerns regarding whether these groups may have a greater appetite for attacks than known state groups continue to be raised.
Disruption and Hacktivism
Destructive Operations
In addition to the above, destructive attacks were also observed in 2023, predominantly conducted by the Russian APT group Sandworm. These attacks seek to eradicate targeted infrastructure to ensure maximum chaos and destabilisation. In December 2023, Ukraine’s largest telecommunications provider Kyivstar was targeted, destroying the core of the telecoms operator. The Solnstsepek group, who are believed to be linked to Sandworm, subsequently claimed the events. This concerned one of the most destructive cyber- attacks conducted by Russia against Ukraine since the onset of the war, which as a result, left an estimated 25 million subscribers without internet connection. The threat actors are reported to have been on the network since May 2023, demonstrating how APTs can often remain in systems undiscovered until the moment of attack. The events are being emphasised as a warning to the West that no one is untouchable, and thus of potential threats to come.
Distributed Denial of Service (DDoS) attacks were prevalent throughout 2023. From January to March alone, DDoS accounted for 87.5% of all cyberattacks recorded by the CyberPeace Institute. From January to March alone, DDoS accounted for 87.5% of all cyberattacks recorded by the CyberPeace Institute. Whilst differing cyber threat actors are engaged in DDoS, hacktivists on both sides, such as Russia’s Killnet and Ukraine’s IT Army have remained active. Notable events include KillNets’ DDoS attacks against US hospitals in response to Western support for Ukraine, as well as their reported targeting of NATO websites. Likewise, in collaboration with groups such as Anonymous Sudan, believed to be part of Killnet, Killnet threatened to target critical banking infrastructure SWIFT, in response to increased Western aid to Ukraine.
58
Made with FlippingBook - PDF hosting