Active Defense & Deception , Business Continuity Management / Disaster Recovery , Critical Infrastructure Security

Ukraine Assembles IT Army to Perform DDoS on Russia

'Starlink Service Is Now Active in Ukraine,' Elon Musk Says
Ukraine Assembles IT Army to Perform DDoS on Russia
Starlink Mission - SpaceX launch, Vandenberg Space Force Base, California (Source: Starlink via YouTube)

In the early days of the Russian invasion, the Ukrainian Ministry of Defense reportedly issued a call for Ukrainian hackers to safeguard its networks and potentially tap into Russian infrastructure. Now, Mykhailo Fedorov, Ukraine's vice prime minister and minister of digital transformation, says he is creating an IT army and calling for digital talents.

See Also: OnDemand | Understanding Human Behavior: Tackling Retail's ATO & Fraud Prevention Challenge

The minister says that the operational tasks will be given on a Telegram channel, which so far has more than 29,000 subscribers. On Sunday, the channel released a list of websites containing 31 major Russian businesses and state organizations, including energy giant Gazprom; Lukoil, one of Russia's top oil producers; three banks and a couple of government websites.

"There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists," the minister says.

Jake Williams, a former member of the U.S. National Security Agency's elite hacking team and a research analyst, says he is usually concerned about "vigilante-style cyberattacks" affecting legitimate intelligence operations. "But given the existential nature of the threat to Ukraine," he says, I can totally understand why Ukraine is doing this. When your very survival is being threatened, it's hard to worry about the intelligence collection that other nations may or may not be doing."

Earlier, Ukraine was looking to its underground hackers to field a team of digital volunteers to serve as a line of Ukrainian defense, including spying on Russian troops. Sign-up requests reportedly began circulating on Thursday (see: Ukraine Reportedly Calls for Volunteer Cyberwarriors).

Sam Curry, chief security officer at cybersecurity firm Cybereason, says the growing resistance to the Russian invasion of Ukraine extends a lot farther than NATO members. "Overall, I'm not surprised one bit that IT armies would be planning a 'hackback' campaign," he says. "In the coming days, the ultimate cat-and-mouse game will continue to play out, with the bully Russia facing off against very capable and motivated groups fighting back and looking to disrupt Russian operations,."

Curry says it is likely that as U.S.- and NATO-driven sanctions begin to take effect in Moscow, state-sponsored ransomware activity will pick up. It had been nearly dormant in the past few weeks, he says, as resources were refocused on the Russian military and intelligence operations against Ukraine."

Updates on Telegram Channel

Since the announcement of the channel, the Telegram page has posted that multiple cyberattacks have hit the Russian governmental services portal, Kremlin, parliament, First Channel, aerospace, and railroad websites on Saturday, according to the Russian media. The post says: "fifty-plus DDoS attacks contained over one terabyte capacity. Who has done that? ;) what a pity accident."

Etay Maor, senior director of security strategy at Cato Networks, says that since the beginning of the Russia-Ukraine conflict, numerous groups have decided to align themselves with a side. Several ransomware and hacking groups - some of which are suspected of being proxies for or associated with Russian intelligence - have announced they will target anyone who will target Russia, while other groups, such as Anonymous, have already targeted Russian-affiliated sites.

"Just like in any war, actions are hard to contain. Attacks may have collateral damage, such as in the case of notPetya and what Maersk suffered. Attribution is very difficult, and almost anyone can launch an attack from anywhere in the world. Escalating the stakes - constantly upping the ante on the targeted entities - may result in retribution as well as escalation in the physical conflict. There is also the aspect of what defines a war crime when it comes to the cyber realm. Does taking down a hospital system or control systems of a power plant - actions that may cause loss of life - constitute a war crime?," Maor says to Information Security Media Group.

The IT Army also plans to attack Belarusian sites following the Belarus referendum to renounce non-nuclear status, after even more enemy troops are expected to enter Ukraine, the channel says.

"We need to stop Lukashenka. Belarusians do not know what is happening in Ukraine! We need a massive information company in Belarus about real events in our country. Targeting, media, cyber front,” the Telegram channel says.

The State Service of Special Communication and Information Protection of Ukraine is encouraging people to use a specific DDoS attack website at 13:20 on Sunday. Stefan Soesanto says that the organization tells people how it works and describes how to install a VPN. Soesanto is a senior cyber defense researcher at the Center for Security Studies in Zurich.

"To me, that's a state-encouraged and planned DDoS campaign against a third country that's not yet officially party to the conflict. Lots of assumptions of international law applicable in cyberspace are going to be rewritten," Soesanto says.

The Computer Emergency Response Team of Ukraine also warned of a massive spear-phishing campaign targeting private accounts of Ukrainian military personnel and related individuals. CERT-UA attributes the activities to the UNC1151 group, which consists of officers of the Ministry of Defense of the Republic of Belarus (see: Belarusian Spear-Phishing Campaign Targets Ukraine Military).

Maor says there is not much new recruits can do to protect a country's digital infrastructure. "These calls for arms are on the offensive side," he says, "and nations need to be careful as to who may decide to join the fight and what their actions may result in."

Musk Offers Internet

Responding to a call for help from Ukraine on Twitter, Elon Musk extended a lifeline to the internet. Fedorov requested Musk to provide Ukraine with Starlink stations and to address "sane Russians to stand."

Musk responded, "Starlink service is now active in Ukraine. More terminals en route."

Starlink Internet Service is provided by Musk's company SpaceX, whose services are not provided through cable as SpaceX provides satellite internet access.


About the Author

Prajeet Nair

Prajeet Nair

Principal Correspondent, ISMG

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.