Coded Conflict: Hackers are Picking Sides as Russia-Ukraine War Intensifies on Cyberspace

Russian hackers are notorious for their malicious skills, even earning the country the moniker ‘hackzone’. The dirty work done by some organised hacking groups in the ongoing war in Ukraine has grabbed the spotlight and it is now clear that the hacking world is divided.

Russian hackers are known as sophisticated threat actors, and security experts claim that they are not only excellent programmers but also know how to get in and out of a network without leaving a trace.

Additionally, while other countries’ hackers are frequently motivated by ideology, most Russian cybercriminals have developed a reputation as digital pickpockets who are more interested in emptying bank accounts than making a statement.

For example, Vladimir Levin, now 55, was sentenced to three years in prison for stealing $3.7 million from multiple Citibank accounts in 1995. He was able to do it using a home computer and a dial-up internet connection.

On February 24, Russian President Vladimir Putin declared war against neighbouring Ukraine and the situation is extremely concerning for the entire world as there is no indication of the conflict coming to an end. Additionally, due to the ongoing cyber activities from both countries, the world is now concerned over whether the crisis will lead to a global cyberwar.

The Hackers’ World Is Divided

As per recent reports, hackers detonated strong data-destroying software on the network of Ukraine’s Ministry of Internal Affairs, and syphoned off enormous volumes of data from the country’s telecommunications network.

The attacks hit a key Ukrainian law enforcement agency in charge of overseeing the national police, while also providing the hackers with potentially valuable information about people’s communications and movements inside the country before Russian troops launched their assault.

On the same day that Russian forces invaded Ukrainian territory, key Kyiv government websites, including those of the parliament, government, foreign ministry and other state institutions, became inaccessible.


Last week, Conti, the renowned ransomware gang, stunned many observers by openly supporting Putin’s military goal, professing “complete support” for the Russian government and promising to destroy any adversaries launching cyberattacks against Russia’s critical infrastructure.

But what happened two days later also came as a shock. Conti’s bravado backfired badly on February 27, when an anonymous individual disclosed a cache of the ransomware group’s chat logs, revealing a massive amount of previously unpublished information regarding the group’s internal workings.

The leak revealed over a year’s worth of chat logs from the open-source instant messaging service Jabber, containing messages between at least 20 chat handles presumed to belong to gang members. These logs appear to confirm a chain of command linking this notorious group to Russian intelligence agencies.

Separately, the hacker collective Anonymous has claimed responsibility for many hacks that brought down Russian government websites and state-run news sources.

This week, several important Russian media outlets, including the state-run news agencies TASS and RIA Novosti, as well as the newspaper Kommersant, appeared to have been targeted at the same time. Their homepages briefly showed a statement denouncing Russia’s invasion of Ukraine.

The message in Russian read: “Dear citizens. We urge you to stop this madness, don’t send your sons and husbands to certain death. Putin makes us lie and puts us in danger. We have been isolated from the whole world, oil and gas are no longer traded. In a few years, we will be living like in North Korea.”


A Twitter account, ‘Anonymous’, related to the hackers’ collective tweeted on February 25 that it is “officially in cyberwar against the Russian government”. Following this, the organisation has claimed responsibility for a number of cyberattacks, including distributed denial of service (DDoS) operations that took down Russian government websites and the country’s state-run news agency RT.

‘Anonymous’, the group of hackers which emerged at the beginning of the 2000s, claimed on February 27 to have hacked Russian state television networks and broadcast pro-Ukraine content, including patriotic songs and footage from the invasion.

Meanwhile, Ukraine’s Vice Prime Minister Mykhailo Fedorov said that the country was setting up an “IT army” to counter Russia’s digital attacks. He tweeted that “there will be tasks for everyone”, and linked a channel on the Telegram messaging app featuring a list of top Russian websites to target.

However, governments and cybersecurity experts have long accused Russia of conducting cyberattacks and disinformation campaigns in order to disrupt economies and undermine democracy. Now they fear that Russia may unleash more advanced cyberattacks against Ukraine, and possibly other countries.

Apart from Conti, advanced persistent threat (APT) groups such as UNC1151, which is tied to the Belarusian government, and some ransomware gangs might provide Russia with means of retaliation.

According to Massachusetts-based Recorded Future, “spillover attacks” or intentional reprisal assaults against the United States and European organisations could occur.

For example, NotPetya, a well-known malware, attacked computers all across the world in 2017. It started with Ukrainian organisations but quickly expanded throughout the world, hitting large corporations like Maersk, WPP and Merck.

Sandworm, the cyber squad of Moscow’s intelligence agency GRU, was blamed for the attacks, which cost upwards of $10 billion in total damage.

According to the latest reports, a pro-Russian disinformation campaign was suspected by many German newspapers after intrusions on their websites and social media accounts. Bots targeted the websites and social media accounts of German media publisher Funke in various waves.

Germany is one of the countries that criticised the Russian invasion and said that it will support restricting Russia from the SWIFT banking system. The German government has even said that it will send weapons and other supplies directly to Ukraine, which will help Ukrainians fighting against Russia.

NATO Mutual Defence Clause

So, while the cyber threat is undeniable and raising tension around the world, a question has popped up recently — is it possible that such cyberattacks would trigger NATO’s mutual defence clause?

In this case, experts believe that Russia appears unlikely to launch a large-scale strike on NATO states’ infrastructure. This is because a cyberattack could be interpreted as a reason to invoke Article 5, the mutual defence clause.

Under Article 5, collective defence means that an attack on one ally is treated as an attack on all allies. After the 9/11 attacks in the United States, NATO invoked Article 5 for the first time in its history.

Even though such widespread attacks may look unlikely, the countries siding with Ukraine are probably not ruling out any such possibility. This is especially true of the United States, where banks are reportedly preparing for cyberattacks after President Joe Biden slapped stringent sanctions on Russia.
