Russia launches lightning war on Ukraine; cyber warfare has already begun

Russia's special military operation in the Donbass region completely broke the three-month-long Cold War stalemate between Russia and Ukraine. In less than an hour, the Russian side announced the destruction of Ukraine's main military facilities and airfields, and the ongoing war came to an end.

In fact, before this war, with its character of a surprise raid, arrived, the two sides had already been contesting each other on the Internet. In 2014, Ukrainian officials disclosed documents on attacks by the Russian side on Ukraine's national telecommunications system, and there is much evidence that Russia has long used the Internet as a second battlefield, combining it with traditional military tactics to carry out comprehensive and concentrated attacks on targets.

The dilemma between Russia and Ukraine

As early as February 1, the Ukrainian Foreign Ministry stated that, in addition to deploying its armed forces to the Ukrainian border, Russia was also trying to use hybrid warfare methods such as cyber attacks and disinformation campaigns to destabilize Ukraine.

In February, Ukrainian government security agencies dismantled two botnets suspected of being linked to Russian secret services and took control of 18,000 social network accounts. The two botnets were used to publish fake news to spread panic and to send bomb threats aimed at breaking the Ukrainian border around the country. Throughout January 2022, the SSU blocked more than 120 cyberattacks against the information systems of Ukrainian state institutions.

The National Security Council of Ukraine attaches great importance to the country's internal cybersecurity posture. It is actively working to neutralize cyber attacks, dismantle a large number of bot farms, and continually expose the proxy networks of hostile intelligence agencies in order to better prevent cyber sabotage and terrorist attacks.

It has to be said that Ukraine's network environment can only be described as ill-fated. In recent years, large-scale cyberattacks have continued to add fuel to the tensions in Ukraine. We have compiled some of the major attacks below to give a picture of the security situation in Ukraine in recent years.

In March 2014, Ukraine's state telecommunications system was hit by a cyberattack. The attack equipment, installed in the Russian-controlled region of Crimea and used to jam the mobile phones of Ukrainian parliamentarians, cut off Ukraine's domestic mobile communications network. A week later, the communications channels of Ukraine's top state security agency and defense council were again subjected to a large-scale DoS attack.
On December 23, 2015, the Ukrainian power sector suffered a malicious code attack, and the Ukrainian news media TSN reported that "at least three power areas were attacked and caused a blackout for several hours at about 15:00 local time". In addition to this, "the attackers invaded the surveillance management system, and more than half of the region and part of the Ivano-Frankivsk region were cut off for several hours."
In January 2016, the computer network at Kiev's Boryspil Airport, Ukraine's largest airport, was infected with BlackEnergy malware and forced to shut down. The airport reportedly handles about 65% of Ukraine's air passenger traffic, with more than 8 million passengers passing through every year. It sits at the intersection of many air routes between Asia, Europe and the Americas, with approximately 50 domestic and foreign airlines operating there and more than 100 regular passenger and cargo routes.
On June 29, 2017, according to Western media reports, the networks of many countries around the world were attacked by a new round of ransomware viruses. High-level Ukrainian government departments, the Central Bank, the State Power Company, the airport in the capital Kiev, the monitoring system for the Chernobyl nuclear accident isolation zone, the Ukrainian metro, the Ukrainian telecommunications company, the aircraft manufacturer Antonov Company and a number of commercial banks, energy companies, ATMs, gas stations, and hypermarkets were affected. It is widely believed that the Russian government orchestrated the ransomware attack, which ultimately cost Ukraine more than $10 billion.
In August 2018, the Ukrainian Security Service (SBU) claimed that critical infrastructure in Ukraine had been attacked by VPNFilter malware, which was said to have originated from Russian intelligence agencies. According to the SBU's description, security researchers detected the malware in the industrial control system of the Aulska chlorine station in the city of Dnipropetrovsk. The station is an important piece of Ukrainian infrastructure because it is mainly responsible for supplying chlorine raw materials for clean water treatment to sewage treatment plants in Ukraine.
On July 6, 2021, Reuters reported a massive cyberattack on the website of the Ukrainian Navy. Hackers posted false reports about the 2021 International Sea Breeze Exercise on the website. In a statement, the Ukrainian Ministry of Defense reported that several unsuccessful distributed denial-of-service (DDoS) attacks had also been made on the Ministry of Defense portal.
On January 14, 2022, more than 70 government websites in Ukraine were also attacked, leaving most of them paralyzed. According to investigations, the websites of Ukraine's Ministry of Foreign Affairs, Ministry of Education, Ministry of Agriculture, Ministry of Defense and others were seriously attacked, a great deal of important information was leaked, and the hackers arrogantly published on multiple websites: "All Ukrainian information has been made public, data information can not be restored, you should prepare for the worst."
On February 15, 2022, Ukraine was again hit by a massive cyberattack involving at least 10 official Ukrainian websites, including the Ministry of Defense, the Ministry of Foreign Affairs, the Ministry of Culture, and the two largest state-owned banks, in a distributed denial-of-service attack.
On February 24, 2022, Ukraine's State Emergency Service said that Ukraine had cut off the Internet because of the threat of cyberattacks, and wireless and wired connections would be restricted throughout the country.

"Hybrid warfare" may become the norm in modern warfare

Frank Hoffman, a researcher at the National Defense University of the United States, was the first to put forward the concept of "hybrid warfare". It holds that future forms of warfare will often mix conventional military forces and unconventional forces and that, in addition to high-intensity frontal military conflict, they will also include network attacks, public opinion attacks, blockades and sanctions, and the commission of crimes within the local area.

Obviously, Russia's military strikes against Ukraine have fully followed the concept of hybrid warfare, because all Russian attacks include cyber attacks, which not only carry out targeted strikes on military and transportation facilities, but also focus on banks, electricity, medical services and IT systems.

In 2013, the Russian Chief of the General Staff, Gerasimov, wrote "The Value of Science and Technology in Predicting the Laws of War", which represents the thinking of the Russian military leadership on "hybrid warfare". The article proposes that Russia should learn to use military, scientific, technological, media, political and intelligence strategies to wage a multi-pronged "21st century blitzkrieg" and disrupt the enemy's position at the lowest cost. In 2016, at the Annual Conference of Russian Military Science, Gerasimov published "High-tech Weapons and Scientific Theories Needed for Mixed Warfare", requiring the Russian Academy of Military Sciences to take "mixed warfare" as a key research direction, and in particular to summarize the lessons learned by the Russian military on the battlefields of Ukraine and Syria and to systematize "hybrid warfare".

The normalization of "hybrid warfare" has pushed the form of modern warfare further beyond the battlefield. Even on the invisible battlefield outside the conflict itself, opponents are always hidden and waiting for opportunities, which undoubtedly deserves the attention of the whole of society. For those of us who work in network security, in today's increasingly complex international security environment, the intensification of strategic competition among major powers has further increased the possibility that a war will begin on the network first. We must always maintain vigilance and a defensive posture in order to hold the advantage in the world-class cyber conflict that may occur in the future.

Reference Articles:

https://www.freebuf.com/news/322066.html
