The war in Ukraine is the first real cyberwar in Europe. Although the number of attacks in Poland has increased, large-scale impacts have not yet been felt.
Experts point out that although the bombings on the night of 24 February are considered to mark the start of the Russian invasion of Ukraine, its first phase in fact began much earlier, on the Internet.
As early as 15 January, a defacement attack hit several government networks. “The hackers […] replaced the content of government websites with a message. Its content suggested that it was Poles […] behind the attack,” points out the Niebezpiecznik.pl news service.
On the same day, malicious software used to erase data was introduced into some Ukrainian government networks. More attacks of this kind followed, showing that although the war between Russia and Ukraine remains primarily a conventional war, it is not free from malicious activities in cyberspace.
However, unexpectedly, no major impact has been recorded yet – neither against Ukraine nor Poland.
Cyber threats from Russia’s war in Ukraine
Accenture, a business consulting firm, publishes periodic reports on cyber incidents around the world resulting from the Russian aggression.
In its latest report, published on April 28, Accenture says that “residents in Ukraine, Belarus, and Russia have experienced disruptions of essential business and government services, including electricity, transportation, and payments services, and more disruptions will likely occur.”
NATO countries can also expect an increase in cyber attacks, which are intended to “erode the popular sentiment and political will aligning with support for Ukraine” and may target government bodies or critical infrastructure of allied countries, the report says.
The economic sanctions that these countries have imposed on Russia may result in Moscow taking retaliatory measures in cyberspace, says Accenture. Washington has already established that Russia is analysing the critical infrastructure of the US and other NATO countries and is “exploring the possibilities” of attacking it.
The countries that have imposed sanctions on Russia are experiencing an increased wave of DDoS (Distributed Denial of Service) attacks, the report adds. These are distributed attacks on computer systems or network services that prevent their proper functioning. However, it is not always possible to prove the link between these attacks and the war in Ukraine, the experts explain.
More low-risk attacks in Poland
The Polish Prime Minister’s Office recently reported a rising number of DDoS attacks against Polish institutions and domestic entities, which may cause difficulties in accessing e-services.
“The current wave of attacks is openly admitted by Russian-speaking hacktivist groups,” the PM’s office said, giving assurances, however, that the attacks did not affect “the confidentiality of data processed by the attacked entities,” and that the situation was under control.
In February, the government raised the alert level regarding threats in cyberspace from ALFA-CRP to CHARLIE-CRP – the third on the four-level scale. The main reason was the cyber attacks on government servers in Ukraine, Prime Minister Mateusz Morawiecki said at the time.
In early 2022, the Israeli company Check Point Research reported a sharp increase in cyber attacks in 2021. Poland was among the countries particularly hit by the rising number of attacks on government institutions. Compared to the previous year, the increase was as much as 73%, according to Interia and the Kosciuszko Institute, who jointly organise the CYBERSEC FORUM / EXPO event.
One of the attacks on government websites, successfully thwarted, was carried out during President Joe Biden’s visit to Poland earlier this year.
Although Polish experts doubt that the country is in danger of being paralysed by major attacks on critical cyber infrastructure, they recommend that citizens prepare for short-term disruptions of key services.
USA: Cyber threats must not be underestimated
As part of international cooperation and partnership, the so-called Five Eyes Group (US, Australia, Canada, New Zealand and UK) has recently issued an alert with “a comprehensive overview of Russian state-sponsored and cybercriminal threats to critical infrastructure.”
Alert AA22-110A (Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure) contains information on cyber operations attributed to Russian state entities. The suspects include the FSB and GRU, but also the Russian Foreign Intelligence Service (SVR), the Ministry of Defense, and the Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM).
Although so far no very large-scale attacks have been carried out on the infrastructure of Western countries and international organisations, the threat should not be underestimated, stressed Rob Joyce, director for cybersecurity at the US National Security Agency.
“I’m still very worried about the threats emanating from around the Russia-Ukraine situation,” he told the BBC.
Contrary to prior expectations, Russia did not launch a massive attack on Ukrainian critical infrastructure at the outset; instead, there were numerous attacks on a smaller scale. “It wasn’t one massive attack. But there’s been a sustained conflict,” Joyce explained.
On 10 May, the US, the UK and the EU accused Russia of a cyber attack that shut down Internet services for tens of thousands of satellite modems in Ukraine and elsewhere in Europe on 24 February.
Modems that communicate with the Ka-Sat satellite of the American telecommunications company Viasat were paralysed. The satellite enabled access to broadband Internet to Ukrainian public administration and the army.
The cyberattack disrupted communications in Ukraine an hour before the full-scale Russian invasion, while also disabling thousands of inactive wind turbines in Germany that relied on a satellite network.
Hackers supporting Ukraine seen as dangerous too
Not all cyber attacks are directed against Ukraine, though. The Anonymous group launched its own offensive against Russia. Hackers broke into the databases of Roskomnadzor and the Yandex Internet search engine, and hacked Russian state-owned TV stations (Rossiya 24, Pervyi Kanal).
Not only do the cyber attacks carried out by entities related to Russia pose a threat, but so does the activity of hackers who want to support Ukraine by attacking the Russian government infrastructure, Joyce pointed out.
“We all want to cheer for the people who are trying to help in this situation. But it actually is a problem,” he said.
Numerous cyber activists who attack Russian government bodies or companies publish the collected information online. “We have to understand that there are rules, there are crimes, and there are lines that can be crossed,” the NSA official said.
Such activities can be dangerous, because Russia may interpret these attacks as expressions of support for Western countries and take retaliatory measures aimed at these countries, said Joyce.
[Edited by Zoran Radosavljevic and Frédéric Simon]