Ukrainian government websites were knocked offline Wednesday in a new wave of cyberattacks pummeling Ukraine, just as Russian forces are starting to roll into the country and Ukraine declares a nationwide state of emergency over Russia’s recent aggression.
The sites of Ukraine’s Ministry of Foreign Affairs, its Security Service or SBU, and Cabinet of Ministers were all down Wednesday. Banks are also affected, Ukraine’s minister of digital transformation, Mykhailo Fedorov, said on his Telegram channel. Ukrainian soldiers have also recently reported receiving alarming text messages urging them to flee or be killed, in what appeared to be an attempt to degrade their morale.
Hackers have also recently deployed wiper malware, or destructive software, in Ukraine, cybersecurity researchers at ESET said Wednesday.
It was not immediately clear who was responsible for the website outages, the hacking, or the SMS messages, or whether it was the same actor, but it reeks of the same playbook the Russian government has used in recent days to try to use cyber-operations to sow confusion and doubt in Ukraine in advance of an invasion.
According to the U.S. and U.K. intelligence communities’ assessments, Russia’s GRU, its main intelligence directorate, was responsible for a similar cyber-operation known as a DDoS that knocked Ukraine’s Ministry of Defense and Armed Services websites offline and hit Ukrainian banks just last week, Anne Neuberger, Biden’s Deputy National Security Advisor for Cyber and Emerging Technology, said in recent days.
The attack appeared to have multiple prongs, including a psychological one: Ukrainians also received SMS messages alerting them that ATMs weren’t working, in an apparent attempt to create panic in the country. The messages were fake, according to Ukraine’s police force.
Fedorov said the attacks in this case are DDoS operations as well, a type of cyber-operation in which attackers overwhelm a site to the point that it malfunctions and shuts down. Ukraine’s cybersecurity agency, the State Service for Special Communication and Information Protection, confirmed to The Daily Beast Wednesday that DDoS attacks had pummeled government websites and banks.
Cloudflare, a cybersecurity firm, told The Daily Beast that DDoS attacks have been on the uptick in Ukraine lately.
“We’ve seen sporadic DDoS activity in Ukraine. We’ve seen more DDoS activity this week than last week, but less than a month ago,” a spokesperson told The Daily Beast.
It’s not clear whether the threatening SMS messages troops are receiving now and the fresh website outages are related.
But both appear to be a page out of Russia’s operations playbook, Steve Hall, the former CIA chief of Russia operations, told The Daily Beast.
“This is the old script that the Russians used—and that all militaries used. You’re always going to prepare the battlefield with some sort of propaganda efforts,” Hall told The Daily Beast. “Whether you’re dropping leaflets behind enemy lines… now it’s much easier these days you just go on the internet and send these leaflets in electronic format… you’re preparing the battlefield, you’re preparing the battlespace so that you soften resistance.”
Ukrainians have long received threatening text messages suspected to come from the Kremlin just like the ones they’re receiving this week, according to the Associated Press. After fighting increased in Eastern Ukraine in 2014, Ukrainians began receiving messages their forces were being decimated. In 2017, similar messages arrived:
“Ukrainian soldiers,” the messages warned, according to the AP, “they’ll find your bodies when the snow melts.”
Now, the messages warn Ukrainians to run for their lives.
“There is still time to save your life and leave the JFO zone,” the messages read, according to InformNapalm, a Ukrainian activist group, as reported by Focus, a Ukrainian news outlet.
Ukraine’s information minister, Tkachenko Oleksandr, told Sky News the new cyber-operations are likely aimed at keeping Ukrainians under pressure.
“It is part of hybrid war to keep us in tension all the time,” he said.
Russia’s GRU could have more cyber-operations in the pipeline, including hack and leaks and destructive operations, John Hultquist, Vice President at Mandiant Threat Intelligence, told The Daily Beast.
“We expect a lengthy campaign of incidents that may range from simplistic to complex,” Hultquist told The Daily Beast. “In the past we’ve seen the GRU carry out a protracted campaign that included DDoS, defacement, hack and leaks, and destructive attack. The incessant nature of the incidents ensures they are harder to ignore.”
Psychological operations like this and the cyberattacks from Russia are only likely to increase from here on out, and their arrival just as Russia recognizes two breakaway territories in Ukraine and moves in for the jugular suggests Russia is likely about to ramp things up even more, Hall said.
“It almost certainly presages more military operations.”