Russia launched disruptive cyber-attacks against the Ukrainian government even before the initial invasion. Threat researchers recently found three separate attack incidents of Distributed Denial of Service (DDoS), malicious tools, and infrastructure disruption targeting Ukraine. Cybercriminals targeted WordPress sites to add a malicious script that uses visitors’ browsers to carry out DDoS attacks on Ukrainian websites. The DDoS attack interfered with ten Ukrainian websites including government agencies, think tanks, financial sites, recruitment sites for the International Legion of Defense of Ukraine, and other pro-Ukrainian sites. Additionally, a cyber-attack on Ukrtelecom, a Ukrainian telecommunications company, disrupted services across the country. Ukraine CERT has also warned that the Belarus-linked GhostWriter APT has targeted state entities using Cobalt Strike Beacon. It is believed Ukraine will continue to be a target of Russian backed cyber-attacks as the conflict continues.
Ukraine is no stranger to cyberattacks from Russia and has been dealing with them over the last several years. It is likely Russia will continue to carry out these attacks in order to disrupt communications and supply chains for Ukraine. Russia appears to have launched a misinformation campaign regarding western cyber-attacks against Russia. This week, the Russian Foreign Ministry stated the West has conducted aggressive and sophisticated cyber operations aimed at stealing data from Russian citizens. Intelligence analysts believe these statements are a possible precursor to justify a cyber-attack on the United States. It was reported last week that intelligence reports indicate that Russia is weighing its options to conduct a cyber-attack on the United States. U.S. Federal law enforcement agencies have suggested U.S. organizations in a critical infrastructure industry should increase their cyber defensive posture to protect themselves from a Russian cyber-attack.