Hacking groups throughout the world are increasing their activities as a result of the Russian invasion of Ukraine on February 24, 2022. Some of these groups are supporting a particular side, while others simply want to take advantage of the resulting chaos.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning concerning the growing threat of advanced persistent threat (APT) actors resulting from the invasion. While world superpowers have fought each other by proxy in the past, the current conflict in Ukraine may be the first cyber proxy war.
Cyber attacks by Russian-based hackers have already succeeded in affecting US infrastructure, especially during the past year. The ransomware attack of the Colonial pipeline in May 2021 led to gas shortages on the East Coast due to panic buying. A similar attack against JBS, the world’s largest meat processing company, the following month escalated concerns about a spike in meat prices.
Security analyst believe the ransomware group Conti is backed by the Russian government, so it comes as no surprise that it will be supporting Russia in its ongoing conflict with Ukraine. This group has already carried out hundreds of attacks during recent years and recently stated on the dark web that it would be using all its resources to strike at critical infrastructure belonging to anyone who attacks Russia. Conti is the first cyber criminal group to publicly back Russia, but others are likely to follow. Conti’s position is particularly noteworthy, considering Russia’s recent crack downs on ransomware against its own infrastructure. This stance could indicate that the group is operating with the Kremlin’s blessing.
U.S. officials have repeatedly warned about the risk of ransomware attacks from Conti, especially as economic sanctions begin to impact Russia. Conti was the second most active ransomware group in the world during 2021 by number of victims, according to Digital Shadows. This group already has experience in attacking a nation’s critical infrastructure, having crippled Ireland’s Health Service Executive (HSE) in May 2021.
The hacker group Anonymous has allied itself with the Ukraine in the current Russo-Ukraine conflict. This group has made multiple Twitter posts on this issue that include its signature figure in a Guy Fawkes. Anonymous has stated that it’s in a “cyber war” against the Russian government, adding that it will take industrial control systems hostage if the situation in Ukraine worsens. This group’s involvement is expected, as Anonymous has a well-known reputation for taking strong stands on political issues and acting on them via cyber attacks.
Anonymous claimed on the day of the Russian invasion that it had already brought down multiple websites of the Russian government, including state news site RT News. The hacker group added that the news site was spreading propaganda about Russia’s invasion of Ukraine. RT News confirmed that it was the victim of a distributed denial-of-service (DDoS) attack. Anonymous also tweeted on February 25 that it had successfully breached the Russian Ministry of Defence’s website and leaked its contents. Twitter later removed this tweet for violating its posting rules.
Another hacker group named Ghost Security, or GhostSec, has also disclosed its intentions to support Ukraine. Analysts believe GhostSec is an Anonymous offshoot.
The Russian invasion of Ukraine will significantly increase cyber attacks against multiple countries. Politically motivated groups will carry out most of these attacks against the primary combatants, but US infrastructure is also likely to be targeted by ransomware groups during the conflict. Some of these groups may be seeking financial gain, but others could retaliate if the US imposes economic sanctions against Russia. In this scenario, the energy and financial services sector would be at greatest risk since these industries would be most impacted by sanctions. This conflict is thus likely to show that cyber attacks have now joined the traditional conflict theaters of air, land and sea.