Russia has been ramping up cyber threats against critical national infrastructure in Ukraine as it tries to get back on the front foot in the war. But these promises of attacks are likely to prove empty, a security expert believes, with resources among criminal gangs friendly to Russia already stretched.
Ukraine yesterday warned that the Kremlin plans to carry out “massive cyberattacks on critical national infrastructure facilities” against it and its allies. “The experience of cyberattacks on Ukraine’s energy systems in 2015 and 2016 will be used when conducting these operations,” an advisory issued by the government in Kyiv says. “The Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic states.”
DDoS attacks on Baltic nations, carried out by hackers with apparent links to Russia, have accompanied the conflict in Ukraine. On Sunday, the North Macedonian government said it had experienced a cyberattack earlier in the month. This follows a spate of attacks on government agencies in Montenegro, Kosovo and Albania.
But when it comes to critical infrastructure, hackers have had limited success breaching targets in Ukraine. Research from security company Recorded Future shows that a cybercriminal gang known as SandWorm, thought to have close links to Russia’s GRU security force, has been bombarding Ukrainian networks with DNS domains masquerading as Ukrainian telecoms providers in a bid to breach systems, but seems to have had little success.
Russia Ukraine cyberattacks: will critical infrastructure be hit?
The latest cyber threats come against a backdrop of Russia losing ground to Ukrainian forces in Kharkiv and other cities that were thought to be under its control, which has led to president Vladimir Putin calling up 300,000 Russian citizens to strengthen its war effort.
“Putin is being increasingly backed into a corner,” says Alexi Drew, director and founder of Penumbra Analysis. “He’s got to threaten all possible means and try and demonstrate power effectively.”
Threatening cyberattacks is a useful way to do this, Drew argues. But, she says, the lack of action is telling. “It’s becoming a case of ‘the GRU that cried wolf’,” she says. “They say that they can [attack Ukraine], but they’ve failed to demonstrate that they actually have the capability to do so.”
Planning and executing a successful attack against well-protected critical national infrastructure is complex and time-consuming, Drew adds. “It’s not an insignificant ask of even a well-funded, well-resourced team to develop a new piece of malware and gain access to these systems within the space of four months,” she says.
Russia’s plan to launch cyberattacks against Baltic nations
Threatening Poland and other Baltic states with DDoS attacks is an easier task, but is not without its issues, Drew continues. “A 14-year-old kid can hire a DDoS targeted against their friends,” she says. “It’s laughable to think that this is what apparently is the cutting edge of a state-sponsored cyberattack.”
Despite this, she describes the DDoS campaigns as a valid strategy, but notes that they are resource-intensive, suggesting larger attacks on national infrastructure may be a distant prospect. “By all accounts, the Russian groups that are responsible for doing this are pretty overloaded right now,” she says. “I don’t think they have the capacity to do what is being suggested, particularly in the way this posturing suggests they’re capable of.”