KYIV, UKRAINE — After the Russian invasion, Ukraine’s cybersecurity officials reconsidered their approach to responding to digital threats and went on the offensive.
Now, instead of merely defending its systems, Ukraine is attempting to hack into Russian state and private companies to gather valuable intelligence. This information can help thwart cyberattacks planned by its adversaries and is also used to conduct operations in the occupied territories or inside Russia.
“The era of impunity ended when Russia invaded Ukraine, and we have to act proactively — what the U.S. calls 'defend forward,'” said Illia Vitiuk, head of cybersecurity at the Security Service of Ukraine (SBU), during a cyber conference in Kyiv this week.
A “defend forward” and persistent engagement approach is at the core of the U.S. cyber strategy. It involves “targeting adversary cyber capabilities and their underlying infrastructure to prevent threat actors from launching destructive cyberattacks in the first place.”
Ukraine's security agencies, including SBU and the country’s defense intelligence directorate (HUR), have only recently begun to disclose some of their cyber operations in Russia. These include attacks on the Russian scientific research center, state tax service, civil aviation agency, and its largest private bank.
These public acknowledgments have limitations, however, as they are not accompanied with concrete evidence, and the attacked companies never respond to such claims or they simply deny the attacks.
Vitiuk said that he cannot disclose details of Ukraine’s most important cyber operations for security reasons, however he claimed that the intelligence Ukraine gained during the cyberattacks has helped in carrying out major ground operations, including attacks on Russian military and critical infrastructure.
The intelligence has also helped to prevent cyberattacks. Vitiuk said that a year ago Russia intended to hack an unnamed telecom operator in Ukraine in an operation that was supposed to mirror the one targeting Ukraine’s largest mobile operator, Kyivstar, in December.
Vitiuk claimed that they learned about the attack by penetrating Russian infrastructure.
"We managed to prevent the incident a few weeks before it was supposed to happen and clean the Russians from the operator's networks," he said.
Given the extensive volume and complexity of cyberattacks launched by Russia since the start of the war, Ukraine cannot afford to simply wait to be attacked, Vitiuk said.
On the cyber front, Ukraine competes with Russian special services that have laboratories, research institutes, and even university programs where they train students in cyber-offensive disciplines, he stressed.
“Officers of the GRU [Russia’s Main Intelligence Directorate] and FSB [Federal Security Service] assign them topics for research and master's theses, and we have seen these papers,” Vitiuk said.
Some of them focus on the exploitation of vulnerabilities in critical energy infrastructure or attacks on telecom providers and media, he said. By hacking into Russia, Ukrainian spies found research on those types of attacks.
"They study the critical infrastructure not only of Ukraine but also of Europe and other countries. They want to elevate the level and sophistication of destructive attacks and recruit a significant number of cyber professionals to carry them out," he said.
Vitiuk claims that considering Russia’s cyber efforts, the cyberwar could extend beyond Ukrainian borders and escalate on a global scale. For those countries that now live in peace, he recommended reconsidering how they think about cyber threats.
“You have to be afraid of being hit before you get hit," Vitiuk said.
Get more insights with the
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.