Abstract
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic is playing out in cyberspace. Hacktivists, cybercriminals, white hat researchers and even technology companies are picking a clear side, emboldened to act on behalf of their choices.
Historically, Russia has had superiority over Ukraine in cyberspace, and last week Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most non-nation-state cyber actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international “IT army” of hacktivists. The Telegram channel of this “army” already has more than 175,000 members.
The Anonymous collective has taken a side in the conflict, successfully attacking various Russian websites in the past few days. Major technology companies like Elon Musk’s SpaceX have taken a clear side, providing Ukraine with Starlink satellite internet services to help maintain the country's internet connectivity.
Nevertheless, there are also those who take the side of Russia in the conflict. For example, the Conti ransomware group has threatened to retaliate against any cyber-attack on Russia. In addition, many cyber crooks are taking advantage of the situation to distribute a variety of phishing emails with subjects themed around donations to Ukraine.
Ukrainian Cyber Armies in the Conflict
In the last couple of days, the Ukrainian government took the unprecedented step of establishing a cyber-army that will support the country during the war and change the balance of power between Russia and Ukraine, at least in cyberspace.
On February 26th, Mykhailo Fedorov, Vice Prime Minister and Minister of Digital Transformation of Ukraine, posted on his Twitter account that Ukraine is creating an IT army of volunteers to fight Russia on the cyber front.
Figure 1 – announcement on the creation of IT army
The Telegram channel of the IT army of Ukraine already has over 175,000 subscribers. So far, the Ukrainian government has used this channel to post offensive tactics in cyberspace against Russia. These are all attempts to attack websites, and the APIs of websites, that are linked to the Russian government, the banking industry and major governmental companies of Russia.
Figure 2 – Russian cyber targets Ukraine is asking to attack
As part of this attempt to get more people to join the “Ukrainian cyber army”, posts started to circulate in underground forums with requests to help defend Ukraine in cyberspace; it is claimed that the post was written at the request of a senior Ukrainian defense ministry official.
Another key member of the “Ukrainian cyber army” is the Anonymous collective. Anonymous declared a cyber-war against Russia and has already had some successes in attacking Russia. On Saturday, Anonymous claimed that they conducted successful DDoS attacks against several key Russian government websites, including those of the Kremlin, the Russian Ministry of Defense and the Russian Duma. NetBlocks was able to confirm this claim by Anonymous.
Figure 3 – Anonymous declare launch of cyber war against Russia
Additionally, Anonymous leaked 200 GB of data from Tetraedr, the Belarusian weapons manufacturer, as well as some databases from the Russian Ministry of Defense website.
Figure 4 – Anonymous declare breaching Tetraedr
Many companies and leaders in the technology and cyber security industries also joined the “Ukrainian cyber army”. These companies decided to provide Ukraine with technological support in different areas. One of those leaders is Elon Musk, who is now providing Ukraine with Starlink satellite internet services to help maintain the country's internet connectivity.
Figure 5 – Elon Musk announces start of Starlink services in Ukraine
Disbalancer, a DDoS stress testing company, also posted that they are collecting donations to buy servers to execute DDoS attacks against Russia:
Figure 6 – Disbalancer asks for donations to execute DDoS attacks against Russia
Russian Cyber Armies in the Conflict
On the other side, key Russian cybercrime groups fully support Russia and have threatened that any cyber-attack on Russia will be met with fierce retaliation from them. One example of a Russian cybercriminal group that has threatened those who target Russian sites is the Conti ransomware group. On their blog, they posted a direct threat to avenge any cyber-attacks against Russia.
Figure 7 – Initial announcement of Conti group
Having said that, a few hours later, Conti changed their statement, saying that they are not affiliated with any government but condemn Western aggression.
Figure 8 – Revised announcement of Conti group
Another cybercrime group, “CoomingProject”, which re-posted different leaks from Western companies during 2021, posted a similar message saying that they will help the Russian government if it is attacked in cyberspace.
Figure 9 – Announcement of CoomingProject group
The Ukrainian government has asked for donations in cryptocurrencies on their official Twitter account, and has already received more than $1.5 million. Cybercriminals are exploiting the crisis by distributing phishing emails that solicit donations. We have identified several such email campaigns, which direct donations to either the crooks' own crypto wallets or their international bank accounts.
Figure 10 – Impersonation of the National Bank of Ukraine
We expect that as military activity between Russia and Ukraine advances, there will be additional polarization in cyberspace as “cyber armies” on both sides continue to conduct increasingly aggressive campaigns.