Russia has maintained a high operational tempo on its cyber operations in Ukraine since it started its invasion, but Ukraine has shown “incredible resilience and determination,” found European Cyber Conflict Research Initiative in a new detailed analysis.
Commissioned by the UK’s National Cyber Security Centre (NCSC), the report was launched at the CYBERUK 2023 conference, in Belfast on April 20, 2023.
Researchers noted: “While Russian forces may not have been well-prepared before the invasion began, they have acted with remarkable speed and flexibility since, sustaining an unprecedented operational tempo in Ukraine.”
The report also highlights the leading role of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), well-versed in information operations, in Russia’s cyber offensive against Ukraine.
However, Russia’s traditional channels were not the only ones active on the digital battleground. The ECCRI experts have also seen an unprecedented number of active state-aligned hacktivists and cyber-criminal groups, making it difficult for defenders to draw a clear line between financially and politically motivated cyber-attacks.
“The volume of Russian-attributed or supported cyberattacks occurring in Ukraine is unprecedented,” the report said.
Read more: Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage
The report also reflected on Ukraine’s resilient systems, which have enabled the country to withstand the barrage of cyber-attacks from Russia, from distributed denial-of-service attacks (DDoS) and cyber effects operations to disinformation and data weaponization.
This conflict marks the first time a country has benefited from such support from the technology and cybersecurity industry.
Paul Chichester, NCSC’s director of operations, said the report was “a timely contribution to the debate on what we can learn from the conflict, as well as the limits to our current understanding.”
“As we look to the future during our CYBERUK conference, the report offers a range of helpful insights, not least around what Ukraine has taught us about the power of resilient systems in the face of sustained cyber-attacks this is,” he added in a public statement.
Security Minister Tom Tugendhat also praised the report for shining an important spotlight “on a different kind of hostility [in] Putin’s illegal war, which the Ukrainians have responded to with exceptional resilience and determination. We must carefully assess its findings and learn the lessons it has to offer."
Looking to the future, however, the ECCRI experts stressed that “lessons learned from Ukraine may not be easily applied to other conflict situations,” given Ukraine’s very particular geography, among other reasons.
The analysis is based on a workshop held by ECCRI members earlier in 2023, including contributions from cyber threat intelligence (CTI) practitioners, academics, and officials from governments and international institutions.
It builds on a previous ECCRI report on wartime cyber operations in Ukraine, based on a closed-door workshop held in Tallinn in May 2022, just three months after the full-scale invasion of Ukraine.