Army of Cyber Hackers Rise Up to Back Ukraine
Facebook and Google expand security protections amidst the Russo-Ukrainian war
As Russia’s military invasion of Ukraine unfolds, a whole new shadow war is taking place in cyberspace, as hacktivist groups allied with both nations have stepped up their attacks, prompting tech platforms to disrupt the flow of disinformation in the region and block accounts that targeted Ukrainian officials with phishing attempts.
Earlier this week, Meta Platforms said it took down a network, run by people in Russia and Ukraine and targeting Ukraine, that ran websites posing as independent news entities and created fake personas across social media platforms including Facebook, Instagram, Twitter, YouTube, Telegram, and the Russian platforms Odnoklassniki and VK.
“This operation ran a handful of websites masquerading as independent news outlets, publishing claims about the West betraying Ukraine and Ukraine being a failed state,” the company explained.
Google’s Threat Analysis Group, which has also been closely monitoring the attacks, said it terminated several YouTube channels involved in the coordinated inauthentic behavior (CIB) operation. “The channels had minimal engagement with less than 90 subscribers total,” TAG’s Shane Huntley noted.
In addition, Meta said it detected phishing attacks staged by a Belarusian nation-state group called Ghostwriter, which involve gaining access to users’ social media accounts through email compromise with the goal of posting disinformation as if “it’s coming from the legitimate account owners.”
Ukraine, for its part, has formed a government-backed “IT Army” of global volunteer hackers using Telegram, on which more than 270,000 people have signed up to carry out distributed denial-of-service (DDoS) attacks to bring down websites belonging to Russian and Belarusian government and commercial entities.
“Even the Russians said that the power [the IT Army] has is equal to what only three countries in this world have — the USA, China and Russia,” Oleksandr (Alex) Bornyakov, Ukraine’s deputy minister for Information Transformation, told TechCrunch in an interview. “So their combined efforts are equal to the biggest state cyber defense groups.”
That said, online assaults orchestrated by or for the benefit of the Kremlin against Ukraine (or beyond it) appear to have had limited success so far, despite warnings of “tit for tat” attacks aimed at Western organizations in response to Russian sanctions or possible cyber operations targeting Russia.
To top it all, the three waves of data wiper intrusions directed at Ukrainian governments have not been nearly as widespread as in past cyber offensives such as the 2017 NotPetya attacks, in which a decoy ransomware strain attributed to Russia’s Main Intelligence Directorate (GRU) caused billions of dollars in damages, much of it in Ukraine.
What’s more, the Conti ransomware group, which was one of the first to openly pledge its support for Russia, paid a hefty price after one of its pro-Ukrainian members (there’s still some confusion as to whether the individual is a Conti affiliate or a security researcher) leaked more than a year’s worth of its internal communications in retaliation, offering a treasure trove of information about the extortionist gang’s inner workings.
The cyber strikes against Ukraine of late represent Russia’s “long-standing campaign of cyber harassment of the country [...] rather than a serious escalation of it,” former U.K. National Cyber Security Centre (NCSC) chief Ciaran Martin said.