The Russian military is turning to criminal hacking gangs to launch cyberattacks on Ukraine, Kyiv’s cybersecurity chief has claimed.
Russia’s digital warfare agencies have been issuing instructions to “organised criminal gangs” as well as their own teams of hackers, said Victor Zhora of the Ukrainian cybersecurity agency.
“The most dangerous activity comes from state-associated actors,” Mr Zhora, head of Ukraine’s State Service of Special Communications and Information Protection, told the Telegraph. “And others, organised criminal gangs.”
Gangs who have “joined Russian cyberaggression can help them with tools or with some parts of preparation [for an attack],” he said.
Russia’s cyberwarfare against Ukraine came to the forefront in April after attempts to plant a “digital bomb” in the Ukrainian electricity grid were detected and neutralised.
Hackers employed by the GRU spy agency were caught as they infiltrated the high voltage network of an electricity distribution company. They were trying to unleash a specially tailored computer virus that would have deleted critical control software and triggered the partial shutdown of the company’s electrical grid.
Addressing how cyberattacks against Ukraine are organised, Mr Zhora said that “advanced operations, in my opinion, are planned and prepared in dedicated military units”.
As Russia tries to sustain its all-out assault against Ukraine, it has relied on criminal hacker gangs to deliver some cyberattacks on behalf of the Russian state.
Professor Alan Woodward, a computer security expert at the University of Surrey, said: “It’s hard not to conclude that the Russian government would deploy everything they can and that includes mercenary forces, especially where those forces have capabilities that do not exist in other Russian forces.”
Last week cybersecurity specialists from Google published a research note explaining how “former members of the Conti cybercrime group [are] repurposing their techniques to target Ukraine”.
Describing the cybercriminals as “financially motivated”, Google Threat Analysis Group researcher Pierre-Marc Bureau said: “Rather uniquely, the group demonstrates strong interest in breaching businesses operating in the hospitality industry of Ukraine, going as far as launching multiple distinct campaigns against the same hotel chains.”
The Conti cybercrime gang use a specific type of malicious software called ransomware to lock up the files of targeted organisations. They then demand a ransom payment in hard-to-trace cryptocurrency in exchange for unlocking their victims’ files.
US government officials placed a $10m bounty on Conti members’ heads in August. The gang carried out more than 1,000 ransomware attacks over the past two years.
Conti is organised along the lines of a business, with members receiving wages and in some cases a percentage cut of ransoms paid by victims. Cryptocurrency research company Chainalysis estimates that the gang made $180m (£155m) last year.