View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 27, 2022updated 28 Sep 2022 8:19am

‘The GRU that cried wolf’: Russia’s cyber threats against Ukraine’s infrastructure likely to prove empty

Though the Kremlin says it is ready to strike, damaging cyberattacks against targets in Ukraine have yet to materialise.

By Claudia Glover

Russia has been ramping up cyber threats against critical national infrastructure in Ukraine as it tries to get back on the front foot in the war. But these promises of attacks are likely to prove empty, a security expert believes, with resources among criminal gangs friendly to Russia already stretched.

The Rivne nuclear power plant in Ukraine. Russia is threatening to attack the country’s critical infrastructure. (Photo by IrynaL/Shutterstock)

Ukraine yesterday warned that the Kremlin plans to carry out “massive cyberattacks on critical national infrastructure facilities” against it and its allies. “The experience of cyberattacks on Ukraine’s energy systems in 2015 and 2016 will be used when conducting these operations,” an advisory issued by the government in Kyiv says. “The Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic states.”

DDoS attacks on Baltic nations, carried out by hackers with apparent links to Russia, have accompanied the conflict in Ukraine. On Sunday, the North Macedonian government said it had experienced a cyberattack earlier in the month. This follows a spate of attacks on government agencies in Montenegro, Kosovo and Albania.

But when it comes to critical infrastructure, hackers have had limited success breaching targets in Ukraine. Research from security company Recorded Future shows that a cybercriminal gang known as SandWorm, thought to have close links to Russia’s GRU security force, has been bombarding Ukrainian networks with DNS domains masquerading as Ukrainian telecoms providers in a bid to breach systems, but seems to have had little success.

Russia Ukraine cyberattacks: will critical infrastructure be hit?

The latest cyber threats come against a backdrop of Russia losing ground to Ukrainian forces in Kharkiv and other cities that were thought to be under its control, which has led to president Vladimir Putin calling up 300,000 Russian citizens to strengthen its war effort.

“Putin is being increasingly backed into a corner,” says Alexi Drew, director and founder of Penumbra Analysis. “He’s got to threaten all possible means and try and demonstrate power effectively.”

Threatening cyberattacks is a useful way to do this, Drew argues. But, she says, the lack of action is telling. “It’s becoming a case of ‘the GRU that cried wolf’,” she says. “They say that they can [attack Ukraine], but they’ve failed to demonstrate that they actually have the capability to do so.” 

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

Planning and executing a successful attack against well-protected critical national infrastructure is complex and time-consuming, Drew adds. “It’s not an insignificant ask of even a well-funded, well-resourced team to develop a new piece of malware and gain access to these systems within the space of four months,” she says.

Russia’s plan to launch cyberattacks against Baltic nations

Threatening Poland and other Baltic states with DDoS attacks is an easier task, but is not without its issues, Drew continues. “A 14-year-old kid can hire a DDoS targeted against their friends,” she says. “It’s laughable to think that this is what apparently is the cutting edge of a state-sponsored cyberattack.”

Despite this, she describes the DDoS campaigns as a valid strategy, but notes that they are resource-intensive, suggesting larger attacks on national infrastructure may be a distant prospect. “By all accounts, the Russian groups that are responsible for doing this are pretty overloaded right now,” She says. “I don’t think they have the capacity to do what is being suggested, particularly in the way this posturing suggests they’re capable of.”

Read more: Hacktivists working with Russian security forces – Mandiant

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.