Battling Moscow’s hackers prior to invasion gave Kyiv ‘full dress rehearsal’ for today’s cyber warfare
Ukraine has long been on the front line of many of the most devastating cyberattacks attributed to Russian state-sponsored hackers, from a 2015 power grid attack to the infamous 2017 NotPetya malware infections that spread around the world and caused billions of dollars in damages.
More recently, in the weeks leading up to the Russian invasion, Ukraine suffered a series of breaches that officials blamed on Russia. These attacks helped prepare the country to battle back against Moscow’s arsenal of digital weapons.
“For us it was like a full dress rehearsal,” Illya Vityuk, head of the cybersecurity department of the Ukrainian State Security Service, said referring to a DDoS and wiper attacks on government websites that began on Jan. 13.
Vityuk made the remarks during a Fordham University cybersecurity event this week co-hosted by FBI. He was among several Ukrainian cybersecurity officials that the U.S. paid to travel to the event and to meet with officials in New York and Washington.
The timing of those attacks was a “mistake” on Russia’s part, Vityuk said. They only served as a rallying cry to unify digital defense efforts in the country in the last weeks leading up to the invasion, he said.
In fact, Ukrainian officials began rehearsing even earlier, said Andrii Sharonov, first deputy chief of the country’s Cyber Police Department. In July, an advanced persistent threat group known as Armageddon, or Shuckworm, began a month-long cyberattack. Shuckworm has recently used phishing attacks to distribute malware, including new variants of the “Backdoor.Pterodo” payload, according to researchers.
The Shuckworm hacking team is closely tied to the Russian intelligence service FSB.
But Sharonov said the Russians haven’t been very effective since hacking the American satellite company Viasat, taking out communications in Ukraine just ahead of the invasion on Feb. 24. It seems like the Russians don’t have “much [left] in their pockets,” he said.
The January 2017 NotPetya attacks were a critical turning point for the country’s cyber defense evolution, according to Victor Zhora, the deputy chairman of the State Service of Special Communications and Information Protection of Ukraine. The NotPetya attack emanated from the Russian Main Intelligence Directorate, commonly known as the GRU, and unleashed malware that drove nearly $10 billion in losses worldwide.
NotPetya caused immense damage — even knocking out the radiation monitoring system at Ukraine’s Chernobyl nuclear power plant — but spurred the Ukrainian government to get serious about cyber defense, Zhora said. “It was a huge signal to the government.”
“There is no country in the world who can protect themselves alone.”
victor zhora, ukrainian cyber official
So were the BlackEnergy cyberattacks in December 2015. Some 230,000 Ukrainians were left without power after Russia attacked the energy grid in the country’s west. After those attacks, the Ukrainian government adopted a cyber defense strategy and national cybersecurity infrastructure, according to Natalia Tkachuk, head of cybersecurity for the National Security and Defense Council of Ukraine.
Zhora said that while Ukraine has not yet faced devastating cyberattacks, he believes the Russians
“continue to be very dangerous.”
Zhora and his colleagues will travel to Washington next week to meet with officials from the Cybersecurity and Infrastructure Security Agency, the FBI and the State Department.
“There is no country in the world who can protect themselves alone,” Zhora said
The Ukrainians were clear about their appreciation for the U.S. and global democracies at large throughout the discussion. Vityuk offered an anecdote, likening the Ukrainian experience with Russia to that of a lone pedestrian on a dark street when suddenly two dozen thugs armed with knives appear. He said in his mind’s eye that lone pedestrian fights because he has “no other options.”
“Probably you will die: That’s what we felt from February 24,” Vityuk said.
But he added that when good samaritans appear it changes everything.
“Somebody throws you a baseball bat,” Vityuk said. “And then you see that there are a couple of other guys who are probably about to help and then you see there are more guys coming — that’s what we experience now.”
This story was featured in CyberScoop Special Report: War in Ukraine
