Ukrainian cyber-activism could backfire, expert warns

Russia also increasingly resorted to these kinds of cyberattacks in the run-up to its invasion of Ukraine. [ADragan/Shutterstock]

Russia’s invasion of Ukraine has brought an unprecedented level of cyberactivism, though attacks seem to contribute little to strategic objectives and could even have negative effects. EURACTIV Germany reports.

Shortly after Russia attacked Ukraine on 24 February, some cyber-activists made headline news. Hacker group Anonymous, for instance, declared a cyberwar on Russia in a message posted on Twitter and a video posted on YouTube.

Ukraine also said it would fight Russia in the “cyberwar” by setting up an “IT army”, Digital Transformation Minister Mychaylo Fedorov announced at the start of March.

But what may sound like a hierarchical military structure is actually a loose association of cyber-activists. The Ukrainian government only provides a freely accessible Telegram channel where activists discuss possible targets for their cyberattacks.

The channel already has over 300,000 subscribers but it is difficult to estimate how many members are actually active. On average, only about 2,000 users respond to each of the calls on the IT Army channel.

Members mainly exchange information about Russian websites they want to overload and thus make inaccessible with the help of DDoS attacks. The channel also contains detailed instructions on how such cyberattacks can be carried out.

The list of attacked websites includes those of public companies, news channels with close ties to the Kremlin and private companies.

“Hi, guys! We should also target Russian public companies,” a user wrote on Thursday, sharing several websites of Russian companies on the IT army’s Telegram channel. An hour later, half of the targeted sites were no longer accessible due to the cyberattacks.

German secret service warns of Russian cyberattacks

Germany could face an increased threat of cyberattacks on its critical infrastructure, political and military institutions, and businesses, the national intelligence agency has warned in a safety note on the war in Ukraine.

“As a reaction to the most recent sanctions …

Little strategic benefit

The IT army’s cyberattacks are carried out at a relatively low threshold level. Such DDoS attacks are easy to carry out and require only a low level of technical expertise.

This is also reflected in the price. DDoS attacks can be purchased on the Darknet at €80 to €1,500 a month, according to a report by the German Criminal Police Office (BKA).

“The cyberattacks we have seen so far tend to work at a low-threshold level and are mainly for psychological warfare. Tactical or strategic goals that are decisive for war cannot be achieved by them,” according to cybersecurity expert Sven Herpig of the think-tank Stiftung Neue Verantwortung.

Russia also increasingly resorted to these kinds of cyberattacks in the run-up to its invasion of Ukraine. In the weeks leading up to the invasion, the websites of Ukrainian state and private agencies were paralysed at regular intervals as a result.

Since the start of the war, however, Russia has scaled back its cyberattacks because the strategic and tactical utility of such operations in wartime is extremely limited. While they were still relevant in the preparation phase of the attack, they have since lost their usefulness.

“At the point where the invasion is launched, Russia, of course, has the kinetic possibilities to implement many of its strategic and tactical goals, which cannot be achieved to the same extent through such cyberattacks,” Herpig told EURACTIV.

EU demands end to Russian-linked cyberattacks ahead of German elections

The European Union has called for an immediate end to malicious cyber activity by a group believed to be linked with the Russian state, following attacks against a number of EU countries. 

Negative effects

However, the IT army’s cyber-activism could also backfire.

It is likely, for example, that some users have registered on behalf of Russia to the freely accessible Telegram channel set up by Ukraine. This means Russia can follow the IT army’s planned cyberattacks, prepare for them if necessary, and even target individual users.

“If the activists fail to protect themselves in advance, Russia could take a very close look at who has been involved and take revenge on the activists,” Herpig warned.

However, cyberattacks could also make Russia’s cyber-resilience more robust in the long run especially when it comes to hacking activities. Continued attacks would bolster Russian authorities by making them aware of gaps in their own infrastructure, which they could then close to avoid their exploitation by more organised state actors.

“These accesses are then possibly burnt and can no longer be exploited by intelligence services. And in doing so, you may even endanger the goals that you are primarily pursuing through such attacks,” Herpig said.

[Edited by Frédéric Simon]


This stakeholder supports EURACTIV's coverage of Cybersecurity. This support enables EURACTIV to devote additional editorial resources to cover the topic more widely and deeply. EURACTIV's editorial content is independent from the views of its supporters.


Subscribe to our newsletters