Cyber Conflict and Subversion in the Russia-Ukraine War
Metadata
- Category: article
- URL: https://www.lawfaremedia.org/article/cyber-conflict-in-the-russia-ukraine-war
Highlights
The Russia-Ukraine war is the first case of cyber conflict in a large-scale military conflict involving a major power.
Contrary to cyberwar fears, most cyber operations remained strategically inconsequential, but there are several exceptions: the AcidRain operation, the UKRTelecom disruption, the September 2022 power grid sabotage, and the catastrophic Kyivstar outage of 2023.
These developments suggest hacking groups are increasingly fusing cyber operations with traditional subversive methods to improve effectiveness.
The first exceptional case is AcidRain. This advanced malware knocked out satellite communication provided by Viasat’s KA-SAT service across Europe at the very moment the invasion commenced, and Ukraine’s military was among the customers of that service. The operation that deployed this malware stands out not only because it shows a direct linkage to military goals but also because it could plausibly have produced a clear tactical, and potentially strategic, advantage for Russian troops at a decisive moment.
The second exception is a cyber operation in March 2022 that caused a massive outage of UKRTelecom, a major internet provider in Ukraine. It took only a month to prepare yet caused significant damage. It cut off over 80 percent of UKRTelecom’s customers from the internet for close to 24 hours.
Finally, the potentially most severe challenge to the theory of subversion is a power grid sabotage operation in September 2022. The operation stands out not only because it used a novel technique but also because it took very little preparation. According to Mandiant, it required only two months of preparation and used what are called “living off the land” techniques, namely forgoing custom malware and relying only on functionality already present in the target environment.
After all, why go through the trouble of finding vulnerabilities in complex networks and developing sophisticated exploits when you can take the easy route via an employee, or even direct network access?