Ukraine warns of Russian cyber attacks targeting critical infrastructure
The next wave of attacks will likely focus on disrupting facilities and institutions related to the energy sector.
Russia intends to launch 'massive cyberattacks' on the critical infrastructure of Ukraine and its allies, the Ukrainian government warned on Monday.
The Main Directorate of Intelligence of Ukraine's Ministry of Defence (HUR MO) said that the next wave of attacks would likely concentrate on disrupting and destroying facilities and institutions related to the energy sector.
'First of all, the blow will be aimed at enterprises of the energy sector,' it said, adding that lessons learned by Russia from cyber attacks on Ukraine's energy infrastructure in 2015 and 2016 are likely to be used in fresh attacks.
Malware known as BlackEnergy (2015) and Industroyer (2016) were used in prior operations that were attributed to Russia's GRU hackers. These malware programmes were intended to impair Ukrainian power supply and industrial production.
The agency added that the most likely objective of upcoming Russian cyber attacks would be to slow down the continuing offensive of the Ukrainian Army and to boost the impact of missile strikes on electrical supply infrastructure, particularly in the east and south of Ukraine.
'The Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine's closest allies, primarily Poland and the Baltic countries,' HUR MO added.
Several Ukrainian institutions, including banks and governmental organisations, were the subject of an increasing number of cyber attacks prior to the commencement of the Ukraine War, many of which took the form of DDoS assaults or wiper operations.
A top Ukrainian cyber official told reporters in April that Ukraine stopped a planned attack intended to take down several electrical substations and other components of a grid serving up to 2 million people.
Sandworm, the group responsible for the attack, had modified and updated the Industroyer malware from 2016 and had also intended to use destructive malware to obscure any investigation and render the computers unrecoverable, researchers said at the time.
In June, Microsoft also warned of rising Russian cyberattacks, noting that hackers were not only going after government systems, but also targeting other sectors that might have crucial information related to the Ukraine war, such as humanitarian groups, defence, telecommunications and energy firms.
Microsoft said that since the start of the war, it had identified more than 100 organisations in 42 countries affected by the attacks.
More than 60% of the activity targeted organisations in NATO states; the US was the main country targeted, accounting for 12% of the worldwide total. Cybercriminals also focused on Poland, the hub for delivering the majority of military and humanitarian goods to Ukraine.
The European Council warned in July that Russian threat groups were expanding their attacks on 'essential' organisations throughout the globe, raising the possibility of escalation and spillover risks.
Last week, Russian President Vladimir Putin ordered the call-up of some 300,000 military reservists after losing thousands of kilometres of territory in the eastern and southern regions of Ukraine over the last three weeks.