In a paper written by Dr. Eyal Pinko that appeared on the website of the Begin-Sadat Center for Strategic Studies in Israel, the researcher analyzes the mutual cyber attacks performed by both sides.
Pinko writes that on the day before the outbreak of the war and on its first day, many cyber attacks were launched on Ukraine’s national infrastructure, government offices, and banking system. Most were Denial of Service (DoS) attacks and website defacement. Ukraine, having suffered cyber attacks on its electricity company during the first war in 2014 and the shutdown of electricity in parts of the country for about half a day at that time, was prepared for the current campaign.
“In the first months of the war, Russia repeatedly attacked strategic Ukrainian targets and national infrastructures like banking institutions, the electric company, nuclear facilities, and the transportation infrastructure, but the attacks failed. The Russians launched several strikes, mainly involving the deletion of information from servers and computers. A Russian cyber group called Armageddon targeted civilians and organizations in Ukraine to gather intelligence about the state of mind there, as well as other information that would assist in the ground campaign and the shutdown of Ukrainian national infrastructure. Most Russian attacks from February 2022 to October 2022 were directed against government institutions, IT infrastructures, and the energy sector.”
The Israeli researcher writes that cyber attacks were also used in combination with ground force operations or fire strikes. In April 2022, during the ground attack to capture the Zhaporozhiya nuclear power plant, cyber attacks were conducted against the plant’s corporate networks. The cyber attacks failed, but the plant was captured. In another case, the Russians attempted to disrupt the functioning of the Ukrainian Air Force headquarters in the city of Vinnytsia (200 kilometers south of Kiev). They first conducted a cyber attack on the regional communications network and then fired consecutive sporadic missile strikes on the airfield and headquarters itself. A similar attack was launched at government, military, and national infrastructure installations in the city of Dnipro. The attack began with a DoS strike on the municipality’s computers and website and continued with an attack by 11 cruise missiles on various installations in the city.
Ukraine has also used cyber in the ongoing war. According to Pinko, the Ukrainians responded by vandalizing Russian government websites in the first days of the war.
“Ukrainian President Volodymyr Zelensky even called on hackers from around the world to join the Ukrainian cyber army in attacking Russian websites and infrastructure, as well as to be part of a cyber-based influence campaign. In the latter operation, Ukrainians hacked into Russian government websites, sent messages to the cell phones of Russian citizens condemning the war, hacked the website of Russian television and broadcast messages there, and even hacked the website of the Russian Space Agency.”
Pinko writes that the Anonymous organization claims to have penetrated and taken down the website of the Russian state intelligence service, the FSB. In addition to disrupting Russian state functions, the aim is to influence global and Russian public opinion to end the war.
Pinko emphasizes that while trying to analyze the use of cyber in the Ukraine war, it must be noted that there is a critical limitation on available information, and the descriptions of cyber attacks are based on media reports by publications that have their own agendas.
Navy Commander (ret.) Eyal Pinko is a senior research fellow at the Begin-Sadat Center for Strategic Studies and a researcher and lecturer in intelligence, cyber, national security, and maritime security.