Ukrainian and Russian Hacking Groups Battle For Control

As a disclaimer, I should note that I am writing this from a location in Poland only an hour from the Ukrainian border. This being the case, the events unfolding in this area of the world may influence the tone of this post. Under the circumstances, I find this unavoidable and, possibly, necessary.

As I predicted in a previous post, the invasion of Ukraine by Russian troops was accompanied by an array of cyber attacks, mostly of the DDoS (Distributed Denial of Service) variety, employing an unprecedented number of botnets. This week, Slovakia-based ESET Research Labs detected data-wiping malware, which they named HermeticWiper, being released across Ukraine. Data-wiping malware does just as the name implies: it destroys the data on the hard drive of infected machines. HermeticWiper destroys the infected computer’s ability to reboot. It is no surprise, then, that this malware targeted Ukrainian government agencies and banks. The trouble with malware is that it can move to networks where it was not originally intended. This particular malware has been found in Latvia and Lithuania. If this was done intentionally, then those countries should expect a physical attack in the near future. It is not surprising that both the UK and US have warned of Russian cyber attacks on their banking sectors.

But what about Russia? Is it ever a victim of a massive cyber attack? Apparently, yes, but you’d probably never hear about it. Russia likes to project itself as being immune to such cares. That said, it has been reported that Russia has been a cyber victim on numerous occasions and, in fact, may have the worst protected networks of any of the top five cyber powers. So, although you may hear of cyber attacks on Ukraine and its Western allies, you may never know if Russia is suffering from similar attacks. Just be assured that both sides are intensely battling on the cyber front.

In this atmosphere, it is, perhaps, not surprising to find that hacking groups, many of which are based in Russia and Eastern Europe, are beginning to take sides. All this week, database leaks from American defense networks, such as that of the U.S. Special Forces network, have appeared on the database leak site RaidForums. This was followed by leaked data from Russian FSB networks. I checked out some of this data, which consisted mainly of email addresses and encrypted passwords, and found it to be valid. Now, you may think that an email address is useless. However, if you’re a hacker, it’s like getting the key to the kingdom. Hackers see email addresses as network entry points. Skilled hackers will find as much information as possible about the people using these email addresses and then construct a malicious spear-phishing email. In fact, I found a surprising amount of information on some individuals by using their email addresses alone, as they would sometimes use the same email as a contact address on other sites.

But then this battle seemed to intensify. Reuters reported that a hacker forum hosted a request from the Ukrainian government: “Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country.” Ukraine has no government-affiliated cyber force, but the defense ministry contacted Yegor Aushev, the head of a private cyber security firm, to help recruit both offensive and defensive hackers. Most importantly, they seemed to be looking for hackers who could infiltrate the Russian military network to discover what plans it had for Kiev.

The response to this request was overwhelming and volunteers have applied not only from Ukraine but from all over the world, including from Russia.

On the 24th, the RaidForums leak site made the unprecedented move of banning any forum member who tried to connect to the site from Russia. This is important, as this forum has numerous Russian members, some of whom must have been angered by this sweeping ban.

Then, early on February 26th, the site appeared to have been taken down, allegedly by some law enforcement agency, but it could easily have been taken down by angry Russian hackers.

And there are angry Russian hacking groups out there. One of the most successful ransomware groups, Conti, has sided with Russia. Here is their statement.

And, while this was going on, the Anonymous hacking group entered the fray on the side of Ukraine.

Then these tweets appeared.

Supposedly, the database mentioned above is here.

I should also mention that I have been unable to access any Russian government sites although I have seen no disruption of RT services.

So it is that the cyber battlefield gets more complicated every day. However, there is one question that people in this area keep asking: Where is the West? Where is NATO? Where is the U.S.? After all, the U.S. is the leader in cyber capabilities. Why haven’t they joined this cyber war? The answer from President Biden is that if the U.S. is hit by a cyber attack, it will respond in kind. It’s the usual reactive U.S. strategy: wait for the malicious actor to put them on the back foot. There is a lot of hand wringing and displays of sympathy towards Ukraine, but in my memory, no amount of hand wringing has ever stopped a missile. It is, however, encouraging to see that this event has united the world as no other event has been able to do. Perhaps humanity is not dead after all.

The mayor of the Polish city I live in places the Ukrainian flag beside the Polish flag on the balcony of the town hall in expectation of the arrival of refugees.
