When hackers began accessing the personal information of pro-Ukrainian supporters around the world in order to silence them, we all thought we were watching a spy film. Now, a year later, it’s become abundantly clear that cyberspace hosts one of the most crucial fronts in today’s warscape.
With huge masses of links being sent through the entire spectrum of online media (emails, social channels, productivity suites, messaging of all types and colors), phishing is an easy way of infiltrating enemy lines. It’s the modern-day equivalent of using an unsuspecting decoy, a starry-eyed idealist, a far-away supporter—anyone careless enough to click on a link.
First, attacks were aimed at local Ukrainian activists. Now, the attack surface has extended into the US, alarming the government’s Cybersecurity & Infrastructure Security Agency, whose alert page blossoms each day with new warnings, especially against phishing attacks.
And with the inundation of communications platforms, the targets are numerous and, for the attackers, attractive.
The game is a-Phoot
Security Week claims that “the war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber.” It further believes that this war has been going on since the annexation of Crimea, continuing through the 2016 US election and the UK Brexit vote—all part of Vladimir Putin’s war against the West. The tools in this war include satellites and AI amidst the traditional tools of espionage and war-planning. Clearly, the war will not be won merely by the number of boots on the ground.
If, until a year ago, we all thought that hacktivism was the hobby of anarchists and bored teenagers at best, or of crime syndicates at worst, today it is abundantly clear that it has become a highly organized and structured activity, most probably orchestrated by well-funded state agencies. Major corporations, such as Lockheed Martin, are being targeted, most recently in the US, Germany, Lithuania, Italy, Estonia, Norway, Finland, Poland and Japan.
Security Week illustrates the scope of early techniques and strategies with a partial list of attacks, beginning with AcidRain targeting Italy and culminating in worm-spreading data-wipers that use ransomware as a red herring. But the trend of state-sponsored cyberattacks probably began earlier—in the Middle East, with groups such as Moses’ Staff and Hackers of Savior attacking Israel, Predatory Sparrow attacking Iran, and so forth. Later, in March 2022, Reuters reported that Russian hackers, such as Fancy Bear or Belarus’ Ghostwriter/UNC1151, had been engaging in espionage against Ukrainian and European targets.
Killnet, Xaknet, From Russia with Love (FRwL), and NoName057(16) soon joined the game. Killnet began by focusing on the immediate vicinity, but it also took the game further afield, attacking Connecticut International Airport.
The well-designed hierarchy, the recruitment, and the political ideologies behind these attacks are barely concealed. Check Point demonstrates Killnet’s organization through its Telegram page instructions to hackers. Even the Chinese were getting in on the game, with Temp.Hex sending files, such as “Situation at the EU borders with Ukraine.zip”.
And the numbers speak for themselves. As the war entered its formal stages, Russian attacks on Ukrainian users increased by 250% and on NATO countries by 300%. Threat intelligence leader Mandiant reports that there were “more destructive cyber attacks in Ukraine during the first four months of 2022 than in the previous eight years with attacks peaking around the start of the invasion.”
Phish-mining the means of communications
Amidst all this, phishing of course remains a strategic tool. Early phishing scams included fake humanitarian organizations seeking donations, some requesting cryptocurrencies, which the Ukrainian government does—in fact—use for fundraising. And foreign nationals were suddenly being targeted with emails from compromised Ukrainian service personnel accounts.
Forbes describes one message purporting to be from the government’s security services requesting evacuation plans, along with a Google warning stating that similar messages have been sent to steal personal data.
But phishing has an even more insidious task: undermining the tools of basic communications—a crucial tactic in psychological warfare. Russia’s intelligence community is attacking the social activists and Ukrainian freedom forces by disrupting the channels of communications we use on a daily basis: social networks and personal emails.
Activists—to be effective—are often dispersed, physically isolated, spread across borders and towns. They interact using messaging platforms. To battle these activist communities, their members must be made suspicious of one another, of colleagues who may have been compromised. What information has been leaked? Which information is false? Is that link an organizer sends you safe? Could your vocal friend on Facebook have been compromised, and now you too are at risk?
Consequently, since political activism is nowadays administered through mobile devices and using social media, infiltrating an activist’s cellular phone is akin to placing an enemy spy behind the lines, a spy who then has access to the activist’s personal information. Journalists, activists, and ordinary innocent bystanders who have dared express their support for the people of Ukraine or Ukrainian refugees are actively targeted by Russian phishers. In today’s world, a simple act, such as changing your profile colors to blue and yellow, is just as dangerous as painting a target on your back for hackers to shoot at. Thus, a single scammer can terrorize as many innocent people as he wants from the comfort of his sofa in the Bahamas.
Bystanders—beware the phish
Bystanders in the subway, employees in their cozy World Trade Center offices, tourists walking along London Bridge, schoolchildren at a rock concert—these are the traditional targets of terrorism. But in today’s warscape, you need not be at the wrong place at the wrong time. Cisco’s 2021 Cybersecurity report estimates that at least one person in 87% of US organizations fell for a phishing scam during that past year. We’re wide open!
Soon after the outbreak of war, the White House sent out a press release warning that Russia could attack American businesses large and small in the near future. Most at-risk are ‘vital infrastructures’, which include healthcare and utilities. But their point of entry could be you—a simple healthcare patient, an innocent electric company client, a bank account. Innocence does not make you any less of a target, and most Americans are at risk from a war taking place halfway around the world.
You may not read the news or have anything at stake in the Russia-Ukraine war. You might believe that you, personally, are one of the few apolitical people on social media—indeed, the planet—and are therefore not at risk. However, the planet is small, made smaller by instant messaging and modern communications. And terror—by its nature—targets the innocent. It works best when it endangers us all.
We cannot know where it will strike next.