Ride the Lightning

Ukraine Builds an ‘IT Army’ to Defend its Networks and Hack Russian Targets

March 2, 2022

ZDNet reported on March 1 that the Ukraine is building what it calls an “IT army” to defend against cyberattacks by Russia and to launch cyberattacks against Russia.

Russia’s cyberattacks target Ukrainian services and infrastructure, including DDoS attacks and destructive wiper malware campaigns. This led to the Ukrainian government calling for volunteers to help with cybersecurity. Now, it has also requested support in conducting offensive cyber operations against Russia.

“We are creating an IT army,” Mykhailo Fedorov, vice prime minister of Ukraine said in a tweet. “There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists,” he added, alongside a Telegram link to join the ‘IT Army of Ukraine’, which now has tens of thousands of subscribers.

Supporters were provided with a list of websites of 31 Russian targets. They include organizations in both the state-backed and private sectors, including government agencies, banks, critical infrastructure and energy providers, including Gazprom and Lukoil, as well Russian email provider and search engine, Yandex. The list of targets is also being circulated in some underground forums.

The Russian ransomware group Conti announced “full support of Russian government” and the intention to “strike back at the critical infrastructure of an enemy” in response to cyberattacks against Russia.

A later statement by Conti claimed it doesn’t support any government, but it will strike back against the West and “American cyber aggression.” Conti has since seen many of its internal documents leaked in what appears to be retaliation by some members of Conti who are supportive of Ukraine.

According to analysis by Check Point, there has been a 196% increase in cyberattacks targeting Ukraine’s government and military since Russia sent troops into Ukraine. Cyberattacks will likely increase in both directions, particularly as more and more people join Ukraine’s cyber army.

It is hard to gauge the impact the new cyber army will have. It may well rally support for Ukraine, but of course hacking is illegal in most countries – will there be a price to be paid?

“Conducting or participating in cyberattacks, even in what could be considered a noble effort to support Ukraine against the Russian aggression and invasion, could be subject to how different countries interpret hacking laws,” says Jens Monrad, head of threat intelligence, EMEA, at Mandiant.

There is also the risk that cyberattacks, even unintentionally, could cause disruption outside Ukraine and Russia.

As UK National Cyber Security Centre (NCSC) CEO Lindy Cameron commented recently: “Cyberattacks do not respect geographic boundaries”. International consensus also suggests the Russian military was behind the widespread and disruptive NotPetya malware attack of June 2017. The malware attack was designed to disrupt financial, energy and government sectors in Ukraine, but it spread to organizations around the world, costing billions of dollars in damages.

“As a combat veteran, I’m in total awe of the courage of the Ukrainian people. While there are no specific threats to the US, we must be prepared for spillover effects of Russian cyber ops or an uptick in ransomware,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said on Twitter.

In an uncertain time, we should all be extra mindful of our security posture.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson