How Russian cyber warfare in Ukraine could spread around the world
The domino effect for the rest of the world may not be limited to deliberate repression by Russian operatives. Unlike old-fashioned warfare, cyberwarfare is not limited by borders and can easily get out of control.
Ukraine has been subject to aggressive Russian cyber operations over the past decade, and since 2014 has been subject to invasion and military intervention by Moscow. In 2015 and 2016, Russian hackers attacked the Ukrainian power grid and turned off the lights in Kiev, unprecedented acts that have not been carried out anywhere before or since.
The 2017 NotPetya cyberattack, once again commissioned by Moscow, initially targeted Ukrainian private companies before spreading and destroying systems around the world.
NotPetya masqueraded as ransomware, but in reality it was a purely destructive and highly viral piece of code. The destructive malware seen in Ukraine last week, now known as WhisperGate, also pretended to be ransomware while aiming to destroy key data and so disable machines. Experts describe WhisperGate as “resembling” NotPetya, down to the technical processes that ensure destruction, but there are noticeable differences. For one, WhisperGate is less complex and not designed to spread as quickly. Russia denies any involvement, and no definite connection points to Moscow.
NotPetya disabled seaports and put several giant multinational corporations and government agencies out of action. Nearly everyone who did business with Ukraine was affected because the Russians covertly poisoned the software used by everyone who pays taxes or does business in the country.
The White House said the attack caused more than $10 billion in global damage and called it “the most destructive and costly cyber attack in history.”
Debate has continued since 2017 as to whether the international casualties were simply unintended collateral damage, or whether the attack was targeted at companies doing business with Russia’s enemies. What is clear is that this could happen again.
Coincidence or not, Hultquist expects us to see cyber operations by the Russian military intelligence agency GRU, the organization behind many of the most aggressive hacks of all time, both inside and outside of Ukraine. The most notorious GRU hacking group, dubbed Sandworm by experts, has been responsible for a long list of the greatest attacks, including the 2015 Ukrainian power grid hack, the 2017 NotPetya hack, US and French election interference, and the Olympic Games hack that followed a doping controversy in Russia, over which the country was excluded from the games.
Hultquist is also watching for another group, known to experts as Berserk Bear, which originates from the Russian FSB intelligence service. In 2020, US officials warned about the threat the group poses to government networks. The German government said the same group made “longstanding compromises” at companies while targeting the energy, water and electricity sectors.