Bytes and bombs: Decoding cyberattacks in the Russia-Ukraine conflict

War and technology have always been two sides of the same coin, each advancing the other inadvertently or intentionally. But contemporary conflicts are no longer limited to guns, tanks, and fighter jets, and have expanded into a new dimension – cyberspace. Russia’s invasion of Ukraine in February 2022 has clearly demonstrated this expansion of the battlefield and how cyber operations have become a crucial part of warfare.

The cyber dimension of the Ukraine-Russia conflict

As tensions were increasing on the border between the Russian Federation and Ukraine, we at the CyberPeace Institute recorded a series of distributed denial-of-service (DDoS) attacks. In a DDoS attack, an attacker prevents users from accessing online services and sites by flooding them with internet traffic. Such attacks were directed repeatedly against Ukrainian government websites, such as those of the Ministry of Defense and the Ministry of Foreign Affairs, as well as Ukrainian banks. Ukraine has been targeted by cyberattacks since 2014, but the number and frequency of those attacks intensified at the beginning of 2022. On 24 February, the day of Russia’s invasion, the soldiers marching over the border were accompanied by a large-scale cyberattack disrupting broadband satellite internet access for tens of thousands of people in Ukraine and Europe.

Over the course of the following 16 months, we reported over 2,000 cyberattacks connected to the invasion of Ukraine, impacting 25 sectors in over 50 countries. The majority had a disruptive objective, but there were also destructive attacks, disinformation and data weaponisation. Attacks were most often carried out by collectives, but state-sponsored actors can also be traced. In Ukraine, the main targets were the financial sector, public administration, telecommunications, and the media. Attacks against the Kyiv Post and other Ukrainian media have hindered Ukrainian public access to vital information. Ukrainian cyber operations infiltrating Russian media servers have aimed to release false information on aerial bombardments to stoke fear and a sense of proximity among the Russian population. Public administration and transportation services of countries supporting Ukraine, especially Poland, Canada and Germany, have also been increasingly targeted by pro-Russian hackers.

The harm resulting from cyberattacks

While cyberattacks have not played a devastating role in the tactical advances of either side, they were certainly significant. The impact of cyberattacks is easily underestimated due to the lack of immediately visible victims and the indirect nature of the harm caused. However, cyberattacks threatening crucial services such as energy, healthcare, media, and government institutions can have a devastating psychological impact on the civilian population. Attacks on the financial and telecommunications sectors can lead to serious financial loss and contribute to the isolation of a population from both their fellow citizens and the outside world. Moreover, building on war fatigue, attacks against third countries aim to decrease popular support for governments backing Ukraine by disseminating false or misleading information about the conflict – with potentially disastrous consequences for the Ukrainian people.

A phone screen displays a picture of rescuers working on a residential building in Dnipro, Ukraine destroyed by a Russian missile strike on 16 January 2023. In the background, the WarOnFakes.com website displays a fake video of the same residential building intended to shift blame away from Moscow as part of Russia’s disinformation campaign on the conflict. © Olivier Douliery/AFP via Getty Images

Priorities for cyber-peacemaking

Cyberattacks have emerged as a crucial new dimension in contemporary conflicts with a significant impact on civilian populations, organisations and non-belligerent countries. They can also contribute to ‘kinetic’ (i.e. physical, non-cyber) conflict escalation, not least because the target is unlikely to know the aim of the attacker – whether espionage or physical harm. Recognising this, it is crucial to adopt a human-centric approach to the analysis of cyberattacks in conflict and to understand the role that cyber threats play in peacemaking and mediation processes.

Accord 30

The new types of actors (both state-sponsored and independent) involved in conflict and their growing number will further complicate conflict resolution efforts, with attribution becoming a particular challenge. With regard to the Ukraine-Russia conflict, the CyberPeace Institute has identified over 100 threat actors in cyberspace that need to be held accountable for violating international laws and made to respect ceasefire and peace agreements. The issue is made even more complicated by civilians engaging in cyberwarfare. How are these volunteer cyber-armies to be treated under international humanitarian law, or in peacebuilding and mediation efforts?

Current conflict resolution models will require adjustment to adequately respond to the realities of cyber conflict. Peacemaking practitioners will have to engage with technical experts and cybersecurity organisations to improve their understanding of the cyber-dimension of conflict. As we tread the new frontiers of digital warfare, building sustainable peace requires not just the disarmament of guns and bombs. It also demands decoding the chaos of cyberconflict – and returning to cyberpeace.