Talking to Wired, Shchyhol said that before invading Ukraine on 24 February, Russia had been testing the defenses of Ukraine’s cybersecurity with persistent, low-level attacks. A larger attack was launched on 14 January, when Russia targeted more than 20 Ukrainian government institutions.
“The goal of the Russian hackers was to sow panic among the Ukrainian population, and to demonstrate to the outside world that Ukraine is a weak state that couldn’t handle the attacks,” he says.
Derzhspetszviazok rushed to relaunch the affected sites, which in some cases took a week.
Then, when the invasion began, Russia targeted communications nodes, media, logistics, and railways, says Shchyhol, but now things have moved to a third stage.
Most of the attacks are against civilian infrastructure: utilities and companies that render services to civilians. “They failed to destroy in the second phase our communication lines and our ability to keep people abreast of what’s going on.”
Russia’s digital war playbook is similar to its physical warfare strategy, says the cybersecurity chief, and it has been largely successful, mostly to everyone’s surprise.
Many in the west feared Russia’s much-hyped hacker army could quickly wipe out the country digitally. In fact, in 2017 an attack launched by Russia using the NotPetya virus decimated the country—and broke out into the wider world.
Shchyhol said: “Afterward, there was a couple of years when they were quiet. We recognized that’s because they were getting themselves prepared for more active attacks against our country, so we used that pause time to get ourselves prepared for the potential attacks.”
Ukraine’s success in repelling the worst of Russia’s cyberattacks in 2022 demonstrates well how much the country analysed and learned from previous skirmishes, the cyber chief said.
Ukraine created a database of Russian attacks attributed to particular hacker groups. Shchyhol says the Derzhspetszviazok learned that most groups were sponsored by either Russia’s intelligence service—the FSB, Russia’s post-Soviet successor to the KGB—or the Russian army.
He said there was no such thing as a “hacktivist” in Russia. “These are people who act out of the generosity of their hearts, free of charge,” he says.
“These guys are sponsored by the state and receive a mandate to perpetrate crimes.” Knowing who was behind the attacks helped, Shchyhol says. “By virtue of realising who is attacking us, it allowed us to be better and more successfully get prepared to repel those attacks,” he says.
Russia also used old tools in their attacks. The one used to hit a Ukrainian energy-generating company was first used in 2017 and had been updated.
“Since we were ready for this type of attack, we were successful in repelling it, and thus prevented damage being caused to this company,” Shchyhol says. This prevented power blackouts for 2 million people, he adds.
The Russians have managed to take out one Ukrainian database for two weeks: the government’s motor insurance policy bureau, responsible for issuing coverage for Ukrainian drivers.
“For two weeks, this bureau wasn’t able to issue the insurance policies to their clients,” says Shchyhol. But the bureau—like many in Ukraine—was warned about the risks and had a backup that enabled it to return to normal operations relatively quickly.