The Ukrainian conflict, which began over seven years ago, saw Russia invade and annex Crimea and support pro-Russian separatists in eastern Ukraine. Since then, the war has continued, and cyber operations have played an increasingly important role in the conflict and its “fog of war”.
Google recently released a report titled “Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape” to better understand the importance of cyber threats in this conflict. The report is based on analysis from Google’s Threat Analysis Group (TAG), Mandiant, and Trust & Safety.
The Google report reveals that government-backed attackers from Russia have conducted an aggressive and multi-dimensional effort to gain a decisive wartime advantage in cyberspace. This effort includes spear-phishing tactics targeting NATO countries, a significant increase in the use of destructive attacks on Ukrainian government, military, and civilian infrastructure, and cyber operations designed to further multiple Russian objectives.
The report also shows a significant increase in the targeting of Ukraine by government-backed attackers from Russia. In 2022, Russia increased targeting of users in Ukraine by 250% compared to 2020. Attackers are heavily focused on Ukrainian government and military entities, but the campaigns that Google disrupted also show a strong focus on critical infrastructure, utilities and public services, and the media and information space.
The report also reveals that Russia has used the full spectrum of information operations (IO), from overt state-backed media to covert platforms and accounts, to shape public perception of the war. These operations aim to undermine the Ukrainian government, fracture international support for Ukraine, and maintain domestic support in Russia for the war.
The Google report highlights the complexity of Russian IO, which attempts to circumvent Google’s policies. The covert Russian IO that Google disrupted primarily focused on maintaining Russian domestic support for the war in Ukraine, with over 90% of instances in the Russian language.
The report also notes that the war in Ukraine has caused a notable shift in the Eastern European cybercriminal ecosystem that will likely have long-term implications for the coordination between criminal groups and the scale of cybercrime worldwide. Some groups have split over political allegiances and geopolitics, while others have lost prominent operators, which has an impact on our traditional understanding of their capabilities. Additionally, the report reveals a trend towards specialization in the ransomware ecosystem, which makes definitive attribution more difficult. However, the report does not indicate a surge of attacks against critical infrastructure outside of Ukraine.
Google remains committed to supporting efforts to protect Ukraine and helping to counter cyber threats. Since the beginning of the conflict, the company has worked closely with the Ukrainian government to improve the security of critical infrastructure and protect government sites against DDoS attacks.
Overall, the Google report highlights the increasing importance of cyber threats in modern conflicts. The threat landscape has significantly evolved over the past few years, and it is clear that cyber operations will continue to play a crucial role in future conflicts. Governments, businesses, and organizations must be prepared to face these constantly evolving threats to protect their infrastructure and data.