SSSCIP’s Perspective on the cyber-attacks unfolded in the context of the military conflict between Russia and Ukraine (January 2022 – January 2024)

Authors

  • Mihai OLTEANU “Carol I” National Defence University, Bucharest, Romania

DOI:

https://doi.org/10.53477/2284-9378-24-04

Keywords:

SSSCIP, Ukraine, APT, cyber security, Russia, military conflict.

Abstract

This paper evaluates the reports of the SSSCIP regarding cyber-attacks carried out against Ukraine from January 2022 to January 2024. From the exploitation of the CaddyWiper malware, attributed by SSSCIP to APT SANDWORM, to the sophisticated campaigns of the FSB and the cyber-attack on Kyivstar, the paper provides an insight into Russian-origin cyber-attacks against Ukraine, as reported by the main Ukrainian authority in the field, SSSCIP. The purpose of the article is to identify how SSSCIP reported cyber-attacks on Ukrainian IT&C infrastructures, the completeness of the published data, and the way the campaigns are presented. To achieve this goal, all SSSCIP reports from the reference period were evaluated, and only those that materialized and affected IT&C infrastructures were included in the study. In conclusion, the paper will primarily highlight the limitations of SSSCIP reports and, secondarily, SSSCIP’s perspective on the domains most frequently targeted by cyber-attacks and the capabilities of Russian actors.

Author Biography

Mihai OLTEANU, “Carol I” National Defence University, Bucharest, Romania

Mihai Olteanu obtained a bachelor’s degree in Intelligence Studies from the National Intelligence Academy “Mihai Viteazul” in 2019 and a master’s degree in Security and Diplomacy from the National School of Political and Administrative Studies in 2021.

Professionally a military officer, he has been conducting research since 2023 as a PhD student at the National Defense University "Carol I" in the field of Information and National Security.

His scientific activity is ongoing, with a notable article titled: The Sino-American Competition on the 5G Technological Field, published in the Romanian journal Perspective Politice XV.

 

Published

2024-04-08

How to Cite

OLTEANU, M. (2024). SSSCIP’s Perspective on the cyber-attacks unfolded in the context of the military conflict between Russia and Ukraine (January 2022 – January 2024). BULLETIN OF "CAROL I" NATIONAL DEFENCE UNIVERSITY, 13(1), 63–79. https://doi.org/10.53477/2284-9378-24-04

Section

Articles