Cyber espionage, disruptive activities and information ops are all part of the covert battle waged in the shadows of the real-world crisis
Aggressive information operations, cyber espionage campaigns and disruptive online activities against Ukrainian targets are likely to continue and even escalate as the crisis with Russia deteriorates, according to a new report by Mandiant.
The cybersecurity firm points a finger at specific threat actors such as UNC2453, Turla, and APT28, which it has identified as having links to the Russian intelligence.
“These actors already frequently target government, military, diplomatic and related targets worldwide for intelligence that benefits Russia’s foreign policy decision making,” says the report.
As far as information operations that involve creating and disseminating fabricated content and social media manipulation to promote Russia’s desired narratives, the report notes that this is already happening in the context of the current crisis – for example during the recent defacement of Ukrainian government websites.
More than just “winter in Ukraine”
A separate report by Cisco Talos Intelligence Group also aims to shed some light on this covert battlefield. When discussing the website defacement and other attacks such as destructive wiper malware, which they dubbed Whispergate, the researchers note a familiar feeling, following years of investigating the Russia-Ukraine cyber sphere.
“If it weren’t for the obvious increase in geopolitical tensions in the region, we would simply consider it winter in Ukraine,” notes the report.
“To put it another way, we’ve seen this kind of activity on and off for years, and while we are quick to render assistance, we see no reason to panic because of these events.”
Still, the researchers warn “defenders around the world” to carefully follow the situation in Ukraine, as any organization that is connected to the country in one way or another could be affected.
This fear has become a reality in the 2017 NotPetya attack, a massive cyber attack that affected government ministries and various institutions worldwide, but primarily targeted Ukraine. The CIA, UK government, Security services of Ukraine and others have attributed this attack to the GRU, Russia’s main intelligence directorate of the armed forces – allegations which Russia had repeatedly denied.
“Because of this history, organizations with ties to Ukraine should consider how to isolate and monitor those connections to protect themselves,” warns the report.
Last week, the US Department of the Treasury sanctioned four current and former Ukrainian officials, including two current MPs, accusing them of engaging in “Russian government-directed influence activities to destabilize Ukraine.”
“The United States is taking action to expose and counter Russia’s dangerous and threatening campaign of influence and disinformation in Ukraine,” said Deputy Secretary of the Treasury Wally Adeyemo. “We are committed to taking steps to hold Russia accountable for their destabilizing actions.”