Russia's Cyber Tactics in Ukraine Shift to Focus on Espionage

Russian-backed hackers failed to achieve their strategic goals in 2022, both on the ground and in cyberspace, and are now turning to cyber espionage.

This is according to Victor Zhora, deputy chairman and chief digital transformation officer of the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, who explained the strategic change from disruptive attacks to cyber espionage to Infosecurity.

“We understand that cyber espionage is being done in the silent covert mode and persistence in the network can last months, even years. While gaining access and wiping everything inside can have a huge impact, all the networks can be easily restored if you have backups, so it is a temporary effect, and in most cases threat actors lose all access to targeted systems after this kind of incident,” Zhora told Infosecurity.

The ability to sit silently within a network and gain new information and have continued access can ultimately be much more valuable to threat actors. This is especially the case if an organization does not have sufficient monitoring capabilities or the qualified staff to identify malicious activities, Zhora said.

“All operations start from initial access and that is basically why all offensive units are looking for vulnerabilities and other ways to get into the network including social engineering,” Zhora explained. “The decision that follows is what to do next, the propagation of lateral movement inside the network, seeking credentials in order to gain privileges and have broader capabilities to cause damage to the resource.”

Battling the Enemy

During a presentation at Logpoint’s ThinkIn conference in Copenhagen on March 7, 2023, Zhora explained that in 2022 Russian hackers followed a general battle strategy concentrating on civilian targets.

The type of target shifted in mid-2022 from mass media and telecommunications to civilian power systems.

However, there has been an overall failure by Russia to significantly disrupt Ukraine’s infrastructure through cyber activities.

Intelligence cooperation has been key in Ukraine’s battle against Russian cyberwar, and SSSCIP’s industry partners include Google, Microsoft, Amazon, Mandiant, ESET, Cisco and Logpoint.

While Ukraine has significant cyber defenses and a lot of capability is provided by its partners, there is now a need to scale up on all fronts.  

Cyberwar Set to Continue

The overall impact of Russian cyber operations is much lower than that of a kinetic operation, which can also be pointed to as an explanation for the shift away from disruptive cyber-attacks.

“Their expectations to conquer Ukraine quickly were a mistake and perhaps Russians even now understand that this war could continue for another year, or even longer,” he said.

Zhora believes that while the kinetic war may end this year, or at the latest in 2024, it is unlikely that the cyber conflict will be completely over, although activities may decrease.

“We can be more effective, and the adversary can be less active, but I don’t think that cyber challenges and cyber threats are to disappear on one wonderful day,” Zhora said.

Ukraine currently experiences up to 10 major cyber incidents per day, and during 2022 hackers targeted 2194 Ukrainian entities.
