The United States and its allies are warning of Russian cyber attacks aimed at disrupting aid to Ukraine and damaging civilian infrastructure.
The United States and several NATO allies have issued a warning about malicious Russian cyber activity aimed at disrupting aid efforts to Ukraine. The GRU (Russian military intelligence) is accused of sabotage and espionage in 26 NATO countries. Companies are being urged to take immediate steps to strengthen their cybersecurity, including applying regular patches, segmenting networks and implementing multi-factor authentication. The warning highlights the rise in cyber attacks since Russia invaded Ukraine in February 2022.
The context of Russian cyber attacks
The cybersecurity agencies of the United States, supported by several allied nations, have issued a joint warning about Russian cyber attacks aimed primarily at disrupting international aid to Ukraine. Among the main groups identified, the GRU, and more specifically Unit 29155, has carried out campaigns of sabotage and destruction through cyber attacks against critical infrastructures and civilian computer systems.
The report published by the NSA, FBI, and other international bodies such as those of Germany, Latvia and Ukraine, highlights the use by these attackers of the WhisperGate malware, designed to infiltrate and destroy Ukrainian computer systems. This strategy is aimed not only at disrupting Ukraine’s logistical operations, but also at disorganising international aid, in particular by targeting infrastructures that facilitate the delivery of humanitarian and military aid.
According to the US authorities, the Russian hackers did not just target military entities, but also sectors such as agriculture and health, with potentially serious consequences for the Ukrainian population. For example, the sensitive medical data of thousands of Ukrainian citizens was published online, exposing their privacy to significant risks.
Measures to protect against these attacks
To combat cyber attacks and prevent future incursions, the joint alert from the security agencies recommends a number of good practices in cybersecurity. Among the recommended measures, companies should give priority to regular system updates and correct vulnerabilities already exploited by hackers. This will limit security breaches and prevent malicious software such as WhisperGate from spreading.
Another key measure is network segmentation, a technique that involves compartmentalising different parts of a network to limit the impact of an attack. If one part of the system is compromised, this approach prevents hackers from accessing all of a company’s resources.
Finally, the alert stresses the importance of activating a phishing-resistant multifactor authentication for sensitive accounts and external interfaces. This measure adds an extra layer of security, reducing the risk of intrusion via password theft attempts.
These recommendations are all the more relevant given that cyber attacks are constantly evolving. Companies such as Leonardo, an Italian defence contractor, have observed an alarming increase in intrusion attempts. According to their co-CEO, Lorenzo Mariani, although the majority of these attempts are minor, some pose real threats to the company’s critical systems.
The rise in cyber attacks since 2022
Since the invasion of Ukraine in February 2022, cyber attacks orchestrated by Russia have escalated significantly. As Russian forces attempt to undermine Ukraine’s infrastructure, cyber attacks have become an integral part of this hybrid war. The clandestine operations arm Unit 29155 has stepped up its efforts to disrupt external support for Ukraine.
The Department of Justice report published alongside the warning accuses several members of the GRU of having carried out destructive attacks even before the invasion. These attacks specifically targeted Ukrainian civil institutions, such as agricultural management and health systems. In addition to material destruction, these intrusions were aimed at shaking up Ukrainian society by publishing sensitive personal information.
The sabotage of health and agricultural systems has had a destabilising effect on the country, adding further pressure to a population already affected by the conflict. These actions are aimed not only at disrupting military operations, but also at sowing fear among civilians and undermining Ukraine’s resilience in the face of Russian aggression.
The importance of international cooperation in cybersecurity
In the face of this growing threat, international cooperation on cybersecurity is crucial. Agencies in the 26 NATO countries affected by these attacks need to work closely together to share information, defence techniques and mitigation strategies. Actors such as Ukraine, which is on the front line of these cyber attacks, are providing valuable lessons to other nations in anticipating and countering these threats.
In addition, international organisations and businesses must continue to improve their cyberhygiene defences. The emphasis on regular system updates, the correction of known vulnerabilities, and the improvement of security protocols such as multifactor authentication are practices that all companies should adopt, whether they are directly involved in helping Ukraine or not.
The integration of these measures is essential to prevent future attacks. Businesses of all types need to be prepared for the possibility of cyber attacks, as the interconnected nature of the modern world exposes any type of digital infrastructure to potential attacks.
Vigilance in the face of cyber threats is essential
The recent revelations about Russian cyber attacks aimed at disrupting aid to Ukraine underline the importance of increased vigilance when it comes to cyber security. As these attacks multiply and affect a variety of critical sectors, it is crucial that organisations, both private and public, take immediate steps to secure their data and protect their infrastructures.
Cyber security is no longer just a concern for large companies or governments, but also affects civil infrastructures and essential services. By adopting proactive defence strategies, such as those recommended in the joint warning, businesses can reduce the risk of intrusion and be better prepared for future threats.
War Wings Daily is an independant magazine.