Russia’s invasion of Ukraine has changed cybercrime forever, says report
Russia’s invasion of Ukraine has fundamentally altered the character of cybercrime, according to a new report. Research released The researchers warned that cybersecurity agencies across Europe and North America need to possess greater awareness of the threat posed At the start of the war, says the report, the distinction between the activities of state-sponsored hackers and their criminal counterparts was clearer. State-sponsored advanced persistent threat (APT) actors were acting on behalf of services within the Russian government. Meanwhile, financially motivated ransomware-as-a-service (RaaS) gangs were working under the protection of the Russian government, but with their own financial interests.
A year on from Russia’s invasion, however, and the lines between the two have blurred significantly. ‘Immediately following the Russian full-scale invasion of Ukraine, threat groups began to publicly declare allegiance,’ said the Recorded Future report. This, in turn, caused several cybercriminal gangs such as Conti to destabilise, with their groups suddenly becoming legitimate targets for retaliation This did not prevent the same gangs from paying special attention to attacking Ukrainian civilians. A recent report from Microsoft found that cybercriminal organisations increased their targeting of users in Ukraine They have been aided in this campaign Hacktivism has also flourished in the conflict zone and beyond, on both sides. Groups like the pro-Moscow gang Killnet – which ‘declared war’ on ten countries, mostly Nato allies, in May – have been pitted against the ‘IT Army of Ukraine,’ which published its own target list to its followers in an attempt to solicit the aid of third-party threat actors. The group now has approximately 200,000 followers, according to the Recorded Future report.
Other hacktivist groups have followed suit, including a new version of Anonymous specifically organised to support the Ukrainian war effort. According to Recorded Future, the group comprises threat actors including Network Battalion 65, AgainstTheWest, v0g3lSec, DoomSec, SHDWSec, and GhostSec, among others.
Content from our partners
Involvement with the war on all sides has forever muddied the waters of attribution and even motivation inside the cybercrime landscape, explains Mark Fowler, senior vice president for strategic engagements and threats at Darktrace. Now, says Fowler, “It’s not as simple as attributing all cyber campaigns to nation-state actors. While they do have state-sponsored offensive capabilities, there is a wider, blurry circle of criminal gangs that are loyal to Russia and use cyberattacks as a way to carry currency within that regime.”
As a result, it has now become impossible for defenders to distinguish between attacks committed The only way forward from here is to define what cybercrime has become, and come to an international accord – something that will take time, explains Fowler. “The discussion begins with us asking ‘what is an act of cyber war?’,” he says, “and should end with us asking, ‘At what point do we consider kinetic response to cyber operations that cause physical destruction?’.”