VSMany conflicts take place in the shadows, but in the case of Russia’s invasion of Ukraine, it was a group calling itself Anonymous that made the most public declaration of war. Late Thursday, the hacking collective tweeted from an Anonymous-linked account, @YourAnonOne, that it had Vladimir Putin’s regime in its sights.
In the days that followed, the group claimed credit for several cyber incidents, including distributed denial of service attacks – where a site is rendered inaccessible by being bombarded with traffic – which brought down government websites and that of Russia. Today, the state-backed news newspaper. service. DDoS attacks still appeared to be working on Sunday afternoon, with official Kremlin and Defense Ministry websites still inaccessible.
Anonymous also said it hacked into the Defense Ministry database, while on Sunday it was claimed the group hacked into Russian state TV channels, posting pro-Ukrainian content, including patriotic songs and images of the invasion.
The nature of the group as an informal collective makes it difficult to definitively attribute these attacks to Anonymous. Jamie Collier, consultant to US cybersecurity firm Mandiant, said: “It may be difficult to directly link this activity to Anonymous, as targeted entities are likely to be reluctant to release related technical data. However, the Anonymous collective has a proven track record in conducting this type of activity and it fully matches its capabilities.
Its targets in the past have included the CIA, the Church of Scientology and the Islamic State, and although the collective was rocked by a number of arrests in the United States in the early 2010s, it has revived its activities after the murder of George Floyd. An anonymous former member described its guiding principle as “anti-oppression”.
Russia Today openly blamed its website problems on Anonymous and claimed the attacks originated in the United States after the group issued its “declaration of war”. A spokesperson for the channel said: “After Anonymous’ statement, RT’s websites were subject to massive DDoS attacks from some 100 million devices, mostly based in the US. .”
By contrast, cyber activity against Ukraine has been reduced so far, despite widespread predictions that a Russian military attack on the country would be combined with digital shock and fear. Ukrainian websites were hit by DDoS attacks before the offensive, including the Ukrainian Ministry of Defense and PrivatBank, Ukraine’s largest commercial bank, but there was nothing enterprise-wide. NotPetya attack in 2017 – when a devastating malware attack attributed to Russia destroyed computers. in Ukraine and in the world. Cloudflare, an American technology company that protects businesses against DDoS attacks, described the first denial of service releases last week as “relatively modest”. The UK and US governments have already blamed Moscow for a previous series of DDoS attacks against Ukrainian websites on February 15 and 16.
As with the attacks claimed by Anonymous, DDoS bursts are designed to cause confusion and damage morale, whereas malware can cause serious and irreparable damage. NotPetya, a so-called wiper virus that was inserted into tax accounting software used by Ukrainian companies but spread to other countries, caused $10 billion ($7.5 billion pounds) of damage around the world by permanently encrypting computers.
Last week, Ukraine was hit by an attempted wiper attack, via a new strain of malware called HermeticWiper that prevented computers from restarting. However, the scale of the attack only affected a few hundred machines, and its geographic reach beyond Ukraine was limited to Latvia and Lithuania.
There have been cyber skirmishes elsewhere in the conflict. Partial restrictions were imposed on Facebook by the Russian government after officials accused the social network of censoring state-backed media on the platform, prompting Facebook to ban ads Russian state media. Google’s YouTube platform has also banned ads in state media. Another US tech titan, Elon Musk, is providing satellite internet access to Ukraine via his Starlink satellites, while the Ukrainian government is openly seeking international cryptocurrency donations and has reportedly received millions of dollars in response.
Nevertheless, the cyber dimension of the Ukrainian conflict has been muted so far. Ciaran Martin, professor of practice at the University of Oxford’s Blavatnik School of Government and former director of the UK’s National Cyber Security Centre, says cybernetics has played “a remarkably small role” in the conflict, at least so far.
“Russian cyber activity against Ukraine exists, but it is consistent with Russia’s cyber harassment of the country for years. Also, from what we can see, the response against western Russia so far has not had a strong cyber component – it has been tough sanctions. All of that could change, and the West is right to stay on high alert for increased cyber activity.