
From Anonymous to the military: which hacker groups are active in the Russia-Ukraine conflict

by admin

From simple DDoS attacks (which overload the targeted services with requests, sending them haywire) to forays into Russian television, up to actions that reportedly even hindered rail transport in Belarus: the conflict between Russia and Ukraine has a non-negligible cyber component. But which groups have taken part in this underground electronic warfare? What kinds of actions are they capable of? And how are they divided between the two sides? Drawing up a map of the hackers who have taken part in this digital conflict is not simple: it ranges from amateurs who organize themselves through very popular Telegram channels to professionals enrolled in the army who dedicate themselves to the most strategic and impactful operations.

The front of the anti-Russian volunteers

The last few weeks have seen the return in style, in an anti-Russian role, of Anonymous, the collective born in the early 2000s that reached its peak of fame at the turn of 2010. However, it is not a real hacker group: Anonymous has no leaders or hierarchies. Anyone who participates in the missions organized within the forums, chats and messaging platforms becomes a de facto part of Anonymous.

The collective's main weapon is the aforementioned DDoS attack. It is the most basic form of cyberattack, in which the targeted websites are saturated with a huge number of access requests, making them inaccessible. Almost no experience is required to carry out operations of this type. Indeed, there are numerous online services that allow you to perform a DDoS with almost the same ease with which you place an order on Amazon. They are sites like Str3ssed or CyberVM, which allow you to enter the address of the targeted site, choose the intensity and duration of the attack, make the payment (obviously in cryptocurrencies) and that's it.

A very similar argument can be made for the pro-Ukraine IT Army, announced on Twitter on February 26 by Ukrainian Deputy Prime Minister Mykhailo Fedorov and organized directly on Telegram, where the dedicated channel has over 300,000 users. Again, it appears that the actions are mostly DDoS attacks. At the time of writing, the last message visible on the channel is a list of institutional websites of the Russian regions accompanied by a message: “The regions of the Russian Federation support the extermination policy of Ukraine. Let’s make sure nobody sees their propaganda”. It is therefore a list of sites to attack via DDoS to make them inaccessible (and indeed many are already offline).

But while this type of attack has a mainly symbolic value (and may perhaps complicate the spread of Kremlin propaganda), some operations claimed by Anonymous and the IT Army are more effective. This is the case of the raid through which Anonymous reportedly broke into Russian television to show pictures of the war in Ukraine, or the attacks with which the IT Army is reportedly trying to make the ATMs used by Russian citizens unusable. It is, however, difficult to verify beyond any doubt which of these operations have actually been successful, due to the informal nature of these groups, the lack of feedback from the other side and the inevitable confusion in the jumble of voices, groups and communication channels used.

Another important collective on the Ukrainian front is the Belarusian CyberPartisans. Unlike Anonymous and the IT Army, in this case it is a real hacktivist group (hacker activists), made up of fewer than 20 people with the necessary experience to carry out operations with a notable impact. The best known, which has been partially confirmed, is the one in which it reportedly hit the management systems of the country’s railway service on at least two occasions, creating slowdowns and other inconveniences.

The operation was motivated by the fact that the Belarusian railways contribute to the transport of Russian troops used to invade Ukraine. The tool used for these attacks was ransomware: the form of malware that has spread the most in recent years, capable of encrypting documents or programs on computers and thus making them inaccessible. It is usually used to demand ransoms, but on this occasion it was put to a very different use.

The front that supports the Kremlin

The first hacker group to announce that it was instead siding with Russia was the Conti Group, which since at least 2019 has been raging across the network, carrying out attacks against companies of all kinds with the eponymous Conti ransomware and then demanding ransoms. “Some of the actors operating with Conti ransomware are based in Russia and some of the criminals operating from here have documented links with Russian intelligence,” Kimberly Goody, director of the cybersecurity firm Mandiant, told Reuters.

These links are reportedly the basis of the choice made by the Conti Group, which has threatened to hit the critical infrastructure of those who take action against Russia. So far, beyond the usual operations against traditional companies (which are listed directly on its website), it is not clear whether the group is following through on its threats, partly because more complex actions certainly take longer. What is certain, however, is that the choice to side with Russia has already had consequences: someone has managed to get into the systems used by the Conti group, leaking hundreds of thousands of messages exchanged internally among its members and also publishing the code of their ransomware.

Several more names, more or less well known, are active at this juncture: “Other Russian groups such as XakNet, calling themselves ‘Russian patriots’, have come forward and have promised various attacks on Ukrainian targets,” writes Carola Frediani in the Guerre di Rete newsletter. “Killnet seems to have emerged almost out of nowhere, taking up Anonymous ways but against Anonymous. While the Stormous Ransomware – a group (…) with members who speak Arabic and active since 2021 – have announced the descent into the pro-Russia camp”.

Russia, however, has always been known as one of the most active nations when it comes to cyber attacks, and as being responsible for sensational actions, always directed against Ukraine, which resulted in a blackout in Kiev or spread the infamous NotPetya virus, which sent the Ukrainian computer system into a tailspin and then spread to the rest of the world, causing global economic damage of 10 billion dollars.

Actions of this type are certainly not the work of more or less improvised hackers, but of cybersecurity professionals directly in the pay of the Russian army. According to allegations by the US Department of Justice, the IT departments of the GRU (the intelligence service of the Russian Armed Forces) are also responsible for attacks on Macron’s election campaign during the 2017 French elections, malware aimed at the inaugural ceremony of the Winter Olympics in South Korea and several other actions.

The two most active units of the GRU are known by the names Fancy Bear and Voodoo Bear and are made up of military personnel who wear uniforms and work directly in government buildings. It is therefore no coincidence that people speak of “hybrid warfare”, fought with both traditional and digital tools. At the same time, the importance of cyberattacks should not be overestimated in this phase: when you move on to missiles, rockets and artillery, you immediately understand which tools can create real devastation.
