Executive Summary
Although the ongoing war between Russia and Ukraine is well known since the invasion in February 2022, the use of cyber warfare is still unknown to many. With the use of cyber warfare in the Russo-Ukraine war, Ukrainian leaders have stated that “the country has become a "test ground" for new cyber weapons and tactics”.
Both public and private information systems have been targeted from the start of the conflict to present, however, one notable attack occurred prior to the invasion of Ukraine. The same day that Ukraine was invaded by Russia, the cybersecurity company ESET discovered a disk-wiping malware known as KillDisk targeting various Ukrainian organisations including banks, government agencies and aviation. At first glance, it behaves similar to ransomware in the way that it removes files from the device, however, this malware does not encrypt or ransom back the data. It will delete files from the computer, but also the master boot record with the only known purpose of this attack being to result in an unusable device.
Similarly, in attempts to sabotage the Ukrainian power system cyber-attacks were carried out against DTEK (the largest private energy investor in Ukraine) and as a result left many without power. Russia have been found to be responsible for numerous cyber-attacks targeting Ukraine’s energy institutions with the most damaging attack being the infamous ‘NotPetya’ cyberattack in June 2017 which was described as ‘the most destructive and costly cyber-attack in history’. Although this attack targeted Ukraine, it also affected numerous organisations across the world costing an estimated $10 billion globally.
Due to the cyber-attacks against Ukraine, Kyiv has argued that these attacks are so destructive towards critical and civilian infrastructure that they could amount to war crimes. This is due to cyberattacks being launched alongside kinetic warfare to assist in damage to infrastructure like in the examples above. However, these cyber-attacks come from both sides with Pro-Ukrainian hackers targeting state agencies as well as civilians. This has resulted in a huge number of data leaks containing names, addresses and phone numbers of the Russian population including schoolchildren. In fact there were so many leaks in 2022 that prices have almost halved for databases on the dark web that do not contain financial and other sensitive information.
The effects of these cyber-attacks are not for financial gain but instead almost purely to cause damage to devices, infrastructure and in some cases human life. The KillDisk cyber-attack was used for the sole intention of damaging the devices and data across the country and similarly, the cyber-attacks launched against energy companies carried the intention of taking electricity away from not only organisations but also civilians. Furthermore, a large portion of the data breaches carried out by both government and civilian entities is not relevant to war and mainly targets civilians, for example, the schoolchildren in Russia.
References
https://www.newsweek.com/russia-ukraine-war-cyberattack-test-ground-nato-eu-hackers-1745309
https://www.politico.eu/article/victor-zhora-ukraine-russia-cyberattack-infrastructure-war-crime/"
