Ukrainian government websites were taken offline on Wednesday in a new wave of cyberattacks that hit Ukraine, as Russian forces begin to arrive in the country and Ukraine declares a state of emergency in the country. national scale following Russia’s recent aggression.
The websites of Ukraine’s Foreign Ministry, its security service or SBU and the Cabinet of Ministers were all down on Wednesday. Banks are also affected, Ukrainian Minister of Digital Transformation Mykhailo Fedorov said on his Telegram channel. Ukrainian soldiers also recently reported receiving alarming text messages urging them to flee or be killed, in what appeared to be an attempt to degrade their morale.
It wasn’t immediately clear who was responsible for the website or SMS outages, or if it was the same actor, but it smacks of the same playbook the Russian government has been using in recent days to try to use cyber operations to sow confusion. and doubt in Ukraine before an invasion.
According to assessments by the US and UK intelligence communities, the Russian GRU, its main intelligence directorate, was responsible for a similar cyber operation known as DDoS that took Ukrainian Ministry of Defense websites offline. and Armed Services and hit Ukrainian banks last week, Anne Neuberger, Biden’s deputy national security adviser for cybersecurity and emerging technologies, said in recent days.
The attack appears to have several components, including one with psychological effects: Ukrainians also received text messages alerting them that ATMs were not working in an apparent attempt to sow panic in the country. The messages were fake, according to Ukrainian police.
Fedorov said the attacks in this case are also DDoS operations, which is a cyber operation when attackers overwhelm a site to the point that it malfunctions and shuts down. Ukraine’s cybersecurity agency, the State Service for Special Communication and Information Protection, confirmed to The Daily Beast on Wednesday that the DDoS attacks hit government websites and banks.
Cloudflare, a cybersecurity firm, told The Daily Beast that DDoS attacks have recently increased in Ukraine.
“We have seen sporadic DDoS activity in Ukraine. We saw more DDoS activity this week than last week, but less than a month ago,” a spokesperson told The Daily Beast.
It is unclear which threatening SMS messages troops are receiving now and the news website outages are related.
But both seem like a page from Russia’s operations manual, Steve Hall, the former CIA Russia operations chief, told The Daily Beast.
“It’s the old script that the Russians used – and all the military used. You’re always going to prepare the battlefield with some sort of propaganda effort,” Hall told The Daily Beast. leaflets behind enemy lines… now it’s much easier these days, you just have to go on the internet and send those leaflets in electronic format… you prepare the battlefield, you prepare the space of fight to soften the resistance.”
Ukrainians have long received threatening text messages suspected of coming from the Kremlin, just like those they are receiving this week, according to the Associated Press. After fighting intensified in eastern Ukraine in 2014, Ukrainians began to receive messages that their forces were decimated. In 2017, similar messages arrived:
“It’s part of hybrid warfare to keep us in tension all the time.”
“Ukrainian soldiers,” the messages warned, according to the AP, “they will find your bodies when the snow melts.”
Now the messages are warning Ukrainians to run for their lives.
“There is still time to save your life and leave the JFO area,” read the messages, according to InformNapalm, a Ukrainian activist group, Ukrainian media Focus reported.
Ukrainian Information Minister Tkachenko Oleksandr told Sky News the news cyber operations probably aim to keep the Ukrainians under pressure.
“It’s part of hybrid warfare to keep us in tension all the time,” he said.
The Russian GRU may have more cyber operations underway, including hacks, leaks and destructive operations, John Hultquist, vice president of Mandiant Threat Intelligence, told The Daily Beast.
“We expect a long campaign of incidents that can range from the simplistic to the complex,” Hultquist told The Daily Beast. “In the past, we have seen the GRU run a protracted campaign that includes DDoS attacks, defacements, hacks, leaks, and destructive attacks. The relentless nature of incidents ensures that they are harder to ignore.
PsyOps like this and cyberattacks from Russia are likely to only increase from now on, and their arrival just as Russia recognizes two separatist territories in Ukraine and heads for the jugular, suggests Russia is likely about to speed things up even more, Hall says.
“It almost certainly portends more military operations.”