Ukraine is facing an “unprecedented” volume of Russian-linked cyber attacks more than a year since the country was invaded, experts have said.
But a new independent report by the European Cyber Conflict Research Initiative (ECCRI) also warns that while Kyiv has shown remarkable resilience in the face of Russian cyber threats, the response could create some “concerning precedents”.
The nearly 40-page study, commissioned by the National Cyber Security Centre (NCSC) and published to coincide with the CyberUK conference in Belfast, comes amid concerns that the threat posed by Russian-aligned cyber groups extends beyond Ukraine, with the UK and allies also targets.
The study praises the “incredible resilience and determination” shown by Ukraine in its cyberspace defences, pointing in particular to the success of the country’s so-called IT Army – a volunteer network of hackers that has been engaged in cyberwarfare with Russia since the conflict began.
“The IT Army has met with a lot of success in large part because they have figured out a way to gamify the response to the conflict.
“In its recruiting efforts, the IT Army has romanticised the role of volunteers. The IT Army leadership has also provided clear, step-by-step outlines of how to target and achieve effects,” the report says.
It notes that “in the past, countries have had to deal with civilians leaving and joining terrorist organisations, becoming radicalised, and then returning to their native countries”.
The authors say: “Many governments have developed systems to deal with this potential threat. With cyber operations, however, an actor can conduct attacks at a distance.
“Drawing an individual into the IT Army of Ukraine is much simpler than the radicalisation processes we’ve seen in the past, and there is no good existing legal framework for dealing with this issue.”
Elsewhere in the report, which is based on a workshop earlier this year, the authors found that it was becoming increasingly difficult in the context of war to distinguish between cyber criminal groups and political activists.
“Some groups claim to pursue ‘hacktivism’ but seem to be more interested in financial gain than in making political statements. Other criminal groups have even fractured over political differences,” the report found.
“Participants also noted that the goals of several criminal groups seem to have shifted from denying access to information for financial gain, to stealing that information for state intelligence purposes. These groups have pivoted toward infiltration and information gathering as their primary goal.”
Pointing to the growing danger posed by ransomware, the authors say that governments facing sanctions – like Vladimir Putin’s Moscow regime – will often have an incentive to “give criminal actors expanded room to manoeuvre”.
Paul Chichester, director of operations at the National Cyber Security Centre, said: “We are very grateful to ECCRI for this important and valuable analysis of the cyber dimensions of the Russia-Ukraine conflict to date.
“The report offers a range of helpful insights, not least around what Ukraine has taught us about the power of resilient systems in the face of sustained cyber attacks.
“As we look to the future during our CyberUK conference, this is a timely contribution to the debate on what we can learn from the conflict, as well as the limits to our current understanding.”
Security Minister Tom Tugendhat said that the Government would assess the findings from the report and “learn the lessons” it offers.
“Putin’s illegal war isn’t just being fought on the ground. Ukraine’s protectors are also defending their country against unprecedented cyber attacks on a digital battlefield.
“This report has shone an important spotlight on a different kind of hostility which the Ukrainians have responded to with exceptional resilience and determination.”