Russian cyber attacks aimless and opportunistic
Russian cyber attacks on Ukrainian infrastructure have devolved into a chaotic series of opportunistic events.
That’s according to Victor Zhora, the de facto head of cybersecurity for the Ukrainian government in Kyiv. Zhora, whose official title is deputy chairman of Ukraine’s State Service of Special Communications and Information Protection (SSSCIP), has led the country’s cyber response efforts during the Russian invasion, which began in late February.
Speaking at the 2022 BlackBerry Security Summit Wednesday, Zhora described conditions across the country’s infrastructure as “day to day” but noted that the nation has been able to remain resilient, thanks in part to a lack of organization on the part of the opposition.
Zhora said that in the early months of the war, the country saw the expected volume of attacks and exploits from Russia’s military hacking units. Since then, however, things seem to have fallen apart for the Kremlin’s cyber forces.
“There was a huge growth within the first months of war and a number of highly sophisticated attacks in March and April,” said Zhora, “but up to the moment we see no particular strategy and we see rather opportunistic behavior.”
The admission may not come as much of a surprise, given what was already known about the nature of Russia’s cyber-offensive against Ukraine. Experts noted back in August that the vast majority of activity was being carried out by Russia’s Main Directorate of the General Staff of the Armed Forces, more commonly known as the GRU, and other military and intelligence agencies.
As the military offensive has broken down, so too, it seems, have the cyber attacks.
Zhora, who shook off the label of “head of cybersecurity” in Ukraine and likens his role instead to that of a deputy officer in CISA, said that the Ukrainian government has been dealing with Russian cyber attacks since the country’s 2014 presidential elections, continuing to the 2017 outbreak of the NotPetya ransomware.
These years of constant attacks and threats allowed his and other government agencies to prepare themselves for the wave of cyber offensives that coincided with Russia’s invasion of Ukraine.
“One of the key elements of this preparation was the training of professionals and task forces,” Zhora explained. “We did exercises, hackathons and many other exercises. This is one of the key factors that helped us to ensure resilience in these challenging times.”
Despite the resilience of Ukraine’s internal networks and key government communication channels, Zhora noted that the country continues to face challenges as it struggles to maintain basic utilities such as electricity. Zhora spoke at Black Hat USA 2022 in August with researchers from ESET, where they detailed how the government and private sector companies joined forces to stop the Industroyer2 malware attack, which was designed to trigger a blackout in the country.
He noted that his keynote address came at a rare time when both the power and network connection in his home were active, something that is not a given at a time when Kyiv remains a target for military attacks.
As for stopping the Russian cyber attacks entirely, Zhora believes that economic sanctions and other business incentives will cut off the lifeblood of Russia’s remaining cyber efforts.
“We need to weaken our aggressor,” said Zhora. “We need to weaken his ability to attack Ukraine and other countries. This can be done with sanctions.”