Ukrainian security officials say cyber defenders are stressed as they face attacks almost every day.
In the first days after Russia launched its campaign in Ukraine, Illia Vitiuk and his colleagues feared the worst: the fall of Kiev.
Vitiuk, head of the cyber department of the Security Service of Ukraine (SBU), the country's top counterintelligence force, said he has been fighting Russian hackers and spies for years. But on February 24, 2, the SBU was assigned another task. They had to transport servers and important technical infrastructure out of Kiev to protect them against attacks from Russia.
“The missile hit Kiev and people rushed to evacuate the city. We tried to contact several agencies and key infrastructure managers but sometimes received responses like 'the system administrator is away because his family is in Bucha and he needed to get them away from Bucha,'” Vitiuk recalled.
“Kiev was then in danger of being surrounded,” he continued. “So we need to move the most important databases and hardware out of Kiev.”
Ultimately, thanks to Vitiuk and his “cyber warfare” experts, Russian hackers were unable to destroy Ukraine's digital infrastructure in the early days of the conflict.
However, Ukraine has suffered a series of cyber attacks, up to nearly 3,000 this year, according to Vitiuk.
Along with missile and unmanned aerial vehicle (UAV) attacks, cyberattacks conducted by Russian hackers have significantly weakened Ukrainian infrastructure, especially the power grid. Russian hackers also obtained sensitive information to support Moscow's campaign.
Starting around December 12, cyber attacks from Russia have increased dramatically, causing many in the private sector to fear the worst scenario is about to happen.
Around the same time, representatives from the US Cyber Command traveled to Kiev to help inspect key components of Ukraine's cyber infrastructure that they said would be "the focus of attacks," Vitiuk said.
“And it happened just like that,” he said, adding that the US side also provided the hardware and software that the Ukrainian government still uses to this day to protect its network infrastructure.
Russia then deployed a number of cyber attack tools against about 70 Ukrainian state facilities and took down dozens of government websites. They claimed to have infiltrated Diia, a digital application used by Ukrainians to store documents, as well as interfered with a series of other online services. In February 2, Russian hackers attacked financial services to make Ukrainians think they couldn't access their money in an emergency.
Vitiuk said it seemed like Russian hackers at that time were "testing and preparing for something big."
Things became more tense than ever on the night of February 23, 2, right before the conflict broke out. “We started experiencing a series of cyber attacks,” Vitiuk said. “We have to resist the psychological campaign they launched.”
Several attacks took down ViaSat, the satellite communications system used by the Ukrainian military at the time. Having failed to prevent the Ukrainian armed forces from communicating with each other, Russia seemed to have summoned every cyber force it had to attack, Vitiuk said, targeting mass media and communication service providers, as well as websites of local governments and ministries.
“From the beginning, it was clear to us that they tried to use all the trump cards at hand,” he said.
For Ukraine, the main challenge during that period was coordinating with cybersecurity experts at government agencies and other important organizations, many of whose lives were threatened by artillery fire. This is when the SBU started moving servers from Kiev.
When asked whether the initial attacks had a lasting impact, Vitiuk said that only a few systems were damaged and a small amount of data was stolen.
"No key systems were damaged," he said. “We work 24/7. We resolved the issue fairly quickly.”
After the failure of the "quick win" campaign, Vitiuk said the SBU observed Russian hackers switching tactics, mainly aiming to gather intelligence and disrupt the power grid.
“Since the summer, they have understood that this conflict is going to last longer and they need to move on to something more serious,” he said.
According to Vitiuk, Russia also tried to penetrate Ukraine's military operations planning systems, including the Delta platform. The SBU recently published a detailed report about Russian military intelligence officers on the front lines trying to take Android tablets used by Ukrainian officers, in order to break into Delta and gather intelligence, as well as information on the Ukrainian army's use of Starlink mobile communication devices from billionaire Elon Musk's SpaceX company.
In this way, Russia can determine the location of certain Starlink-linked devices and better target them for missile attacks.
The SBU claims it has successfully blocked Russia's access to Delta and similar programs, but Vitiuk admits it still lost some information.
When the conflict broke out, nearly all Ukrainians volunteered, donated money, or worked directly with the government to support the fighting effort. Among them is the information technology (IT) community.
Many are working part-time as consultants to government agencies while others are involved in more active roles. Most prominent is the IT Army, which was supported by the Ukrainian Ministry of Digital Transformation from the beginning of the conflict. The group mainly focuses on developing software and tools for citizens to carry out denial of service (DoS) attacks against Russian targets, and on developing automated software that helps the government collect intelligence.
Participating in this effort are groups such as the Ukrainian Cyber Alliance, Hackyourmom, a project started by Ukrainian cybersecurity entrepreneur Nykyta Kynsh, and Inform Napalm, a website dedicated to investigating leaked data and identifying Russian hackers.
Many groups declare their activities openly, but others operate more secretly.
However, cyber security experts warn that attacks carried out by volunteers, which sometimes appear randomly and often do not achieve long-term effects, can do more harm than good for covert operations.
Despite the concerns, Vitiuk argues that every volunteer's skills are valuable to a certain degree. “This is like defending our cyber territory,” he said. “Our mission is to monitor and get to know the volunteers well, to direct them or give them advice on how to work more effectively.”
When asked about the future cyber threat from Russia, Vitiuk predicted attacks would continue at the same intensity as last year, especially entering winter.
Attacks may become more sophisticated, but increasing their intensity will be a challenge for Russia because of its current limited number of skilled experts. “They need more people,” Vitiuk said.
Vitiuk said SBU is focusing on preparing for winter, working with the Department of Energy and other experts to protect the power grid based on lessons learned last year.
He admitted that, despite all the success, they still need help to continue strengthening critical infrastructure. This need is especially acute at the local level, where fewer resources are available.
During a recent conference in Estonia, Vitiuk called on cybersecurity companies to come to Ukraine to help assess the country's needs, from technical infrastructure to hardware and software, and to send devices directly instead of transferring money.
He expressed concern about corruption in the country. “We don't need money. We need the most transparent system possible,” he emphasized.
Vitiuk believes that even when the conflict ends, cybersecurity will still be a matter of special focus. “New doctrines will be written and applied according to what happened in Ukraine, according to our experience,” he said.
Vu Hoang (according to NPR)