Cyber ​​warfare that has come into view Hybrid warfare Fierce battle in Ukraine June 27, 14:36

The endless battle between Russia and Ukraine.

In cyberspace, another fierce battle that is different from normal armed attacks is unfolding.

Cyber ​​warfare.

We will approach the actual situation of the "invisible battlefield" by our own interview.

The war really started in "January"

One day in June.

Somewhere in Ukraine where the battle continues.

We have visited a base that is responsible for defense against cyber attacks.

In order to avoid the risk of being attacked by Russia, the person in charge of the information and communication authorities responded to the interview on condition that the shooting location was not revealed.

Yuri Sichihori, Director General of the Ukrainian State Special Communications and Information Protection Bureau

"The war really started on January 14, when the government received its first cyber attack."

The first thing I said was a surprising perception.

The Russian army began the invasion on February 24th.

But more than a month earlier, "the war had virtually begun."

On January 14, about 70 official websites of government agencies were hijacked all at once, and suddenly there was an "incident" in which a threatening message was displayed.

"Cyber ​​Bomb" wiper

At that time, it was found that an extremely destructive computer virus was used for some tissues.

It was analyzed by the American IT company "Microsoft".

The virus was called a "wiper."

Viruses used for cybercrime usually have functions such as secretly extracting information from the invading system.

However, this "wiper" was a cyber weapon like a "bomb", such as destroying the program of the system.

The parties involved in virus analysis

It was also found from the interview that the wiper was set up just before the invasion on February 24th and had a great influence.

At the request of the Ukrainian government, he visited the Slovak security company ESET, which has been analyzing viruses.

"ESET" Robert Lipovski

"I found a lot of more aggressive and destructive viruses called'wipers'."

The person in charge explained how he discovered the "wiper" around 5 pm on February 23, the day before the invasion.

"ESET" Robert Lipovski

"I analyzed what the wiper was trying to do overnight. Is there anything more about how it was analyzed?"

As a result of the analysis, the wiper had already entered hundreds of PCs in Japan, erased the data, and tried to make the PCs themselves unusable.

It was the next morning that surprised them.

"ESET" Robert Lipovski

"The actual military invasion has begun. I imagine that tanks would actually run around the streets and missiles would fly that morning after analyzing the virus overnight. I didn't. It was scary. "

It also hits satellite communications

In addition, the wiper was also set up in a place that shakes the foundation of Ukraine's defense system, according to interviews with information and communication authorities.

The target was the satellite communication network, which is indispensable for communication between the Ukrainian army and the government.

The wiper destroyed the base station system that relays satellite radio waves.

2:00 am on the 24th.

It was three hours before Russia launched a military invasion.

Yuri Shichihori, Director General of Ukraine's National Special Communications and Information Protection Bureau

"This cyber attack has made satellites with large communications networks in Ukraine unusable for more than a month, making them almost non-functional. We have attacked with both cyber and conventional weapons. "

Did you change the battlefield?

Cyber ​​attack

Such cyber attacks can also affect the actual battlefield.

In this interview, I saw a part of it.

Early March.

The Russian army develops a fierce military operation to seize the capital Kyiv.

However, the battle was stalled, and at the end of March, Russian troops virtually abandoned Kyiv's seizure.

One of the factors is said to be the failure of the troops in terms of supply.

At that time, Russia used the railway of neighboring Belarus to carry weapons and supplies to the vicinity of the Ukrainian border.

Some groups claim to have shut down the railroad's operating system in a cyberattack.

"Cyber ​​Partisans".

Based in Belarus, it is a group of hackers who are said to have high skills such as hacking government agencies.

It has been active as an anti-government organization, such as launching a cyber attack against the current Belarusian government, but this time it has announced its support for Ukraine.

A member in charge of public relations for the organization revealed a cyberattack on Russia's transportation routes in an interview.

Cyber ​​Partisans Juliana Shemetovets

"We aimed at a railroad optimization system and shut it down completely for two days. Without this system, we wouldn't be able to control the movement of trains and signals, and we wouldn't know how to operate it. "

In addition, along with this cyber attack, partisan-related organizations are also developing sabotage of signals and distribution boards.

It is said that he tried to stop the railway surely.

Cyber ​​Partisans Juliana Shemetovets

"The main reason Russia abandoned the invasion of Kyiv is because the Ukrainians fought bravely and wisely, but our cyber attack also stopped the Russian army in Belarus. I think it helped me. "

What is the "hybrid warfare" on the Russian side that hit the communication network?

A military strategy that combines attacks other than armed forces, such as cyber attacks, with actual attacks to give the maximum military effect is called "hybrid warfare."

This interview also revealed a part of the Russian hybrid warfare.

The target was Ukrtelecom, a major telecommunications carrier with a telecommunications network throughout Ukraine.

At the headquarters in Kieu, the chief technology officer responded to the interview.

In March, the town of southern Kherson, where the office is located, was subdued by Russian troops.

In the process, Russian troops detained employees of the establishment for several days and repeatedly assaulted them.

Its purpose was to extract information for use in cyber attacks.

Ukrtelecom Chief Technology Officer Dmitro Mikchuk

"The Russian army tried to get information on how to break into and control the internal network. At least four employees were caught and two were seriously injured. "

After that, the Russian side invaded the in-house system based on the information that was heard.

From there, he tried to take over the communication network that spreads all over the country.

Ukrtelecom, noticing this move, immediately shut down its internal system.

As a result of this measure, 2 million users in Japan were temporarily unable to communicate, but the worst case of losing control of the network was avoided.

Ukrtelecom Chief Technology Officer Dmitro Mikchuk

"If the Russian army attack was successful, the communication network would have collapsed. It was about to be unable to provide communication to the government, the Ukrainian army, and society as a whole. On the battlefield, the enemy They attack with murderous intent, but so do cyber attacks. They try to kill our infrastructure. "

Targeted "shelter" town

A cyber attack that is performed in combination with a normal armed attack.

Ukrainian telecommunications authorities have also revealed to us that there was a cyberattack aimed at destroying the power system of the power plant.

However, it is said that many of the cyber attacks on the Russian side are being prevented at the end.

Yuri Sichihori, Director General of the Ukrainian State Special Communications and Information Protection Bureau

"Hackers attacked one power company supplying electricity to the area where 2 million people live. The virus is in the area where many displaced people live. The purpose was to create a power outage, which would raise the level of turmoil and undermine confidence in the government. "

At the request of the Ukrainian government, ESET, which analyzed the virus used in this attack, points out that it is very similar to the virus that struck Ukraine six years ago and caused a power outage.

According to ESET, the virus was created by a group of Russian government-affiliated hackers called "sandworms."

ESET Robert Lipovski

"I immediately analyzed the virus and immediately realized that this was a big problem."

The Ukrainian government has announced that it has successfully eliminated the virus with the help of ESET and Microsoft.

ESET Robert Lipovski

"If this attack was successful, up to 2 million people could have lost power. So far, the most cyber-attacks during the war. It was a serious attack. "

"Ready" Ukrainian infrastructure company

In addition, we interviewed an energy company that almost completely protected the Russian cyber attack.

Ukrainian company "Ukrainian", a company that handles high piezoelectric feeding in Ukraine.

Ukluenerho Chief Information Officer Selhii Harahan

"We were ready to stop most attacks. The attacks were never successful."

After the invasion started, Ukuru Enerho is said to have been experiencing a series of cyber attacks called "DDoS attacks" that send a large amount of data to websites and paralyze their functions.

The number is more than 50.

However, at present, there has been no damage affecting power transmission.

Harahan says the reason was the power outage six years ago.

Selhii Harahan, Chief Information Officer of Ukluenerho

"Since 2016, when a power outage caused by a cyber attack occurred, we have been seriously working to improve cyber security. We are not preparing for the war. , I've been preparing for a brutal attack by a hacker. "

According to Harahan, the organization was protected from this DDoS attack by utilizing a function called a "firewall" that blocks external attacks.

This time, Mr. Harahan, who said that he was able to prevent damage from a series of cyber attacks, revealed this as a "very interesting fact."

Selhiy Harahan, Chief Information Officer of Ukluenerho

"I think Russia has used up almost all of its personnel in the cyber force. The reason for this is that even departments that are not experts in cyber attacks have been attacked. Because it is. "

According to Harahan, the Russian government's security department has conducted multiple "scans" of reconnaissance in cyberspace to check for vulnerabilities in Ukuluenerjo's system.

Russia's cyber strategy may be in dire straits to the extent that it must mobilize an organization unrelated to cybersecurity, such as a government agency responsible for guarding government officials.

Mr. Harahan speculates that the Russian side's actions that do not care about pretending to be.

Is the Russian side's plan almost unsuccessful?

Professor Motohiro Tsuchiya of Keio University, who is familiar with cyber warfare, said that the concept of a hybrid warfare that combines the fierce cyber attack from the Russian side and the actual armed attack is "almost unsuccessful" at the moment. analyse.

Professor Tsuchiya gives two major reasons for this.

One is the improvement of Ukrainian cybersecurity technology, as evidenced by energy companies.

According to Professor Tsuchiya, Ukraine has been preparing to improve security by investing personnel and funds since Russia's annexation of Crimea in 2014.

We have obtained the latest knowledge from Western countries such as NATO, and have been focusing on developing human resources who can respond to cyber attacks.

Professor Motohiro Tsuchiya of Keio University

"It can be said that it was within the expectations of the Ukrainian side, which had been preparing for the" hybrid warfare "by Russia. At NATO, what kind of hybrid warfare Russia has been doing for many years. It has been researched whether it will be set up. Based on such knowledge, the Ukrainian side has conducted research on the assumption of attacks on critical infrastructure dozens of times between the government and businesses. "

Even bigger is the support of Western companies

Even bigger is the support provided by IT companies in Europe and the United States, including the United States.

"Microsoft" in the United States and "ESET" in Slovakia have revealed that they are defending and analyzing computer viruses that have hit Ukraine.

In addition, "Microsoft" and "Amazon" have provided a cloud to protect confidential data held by the Ukrainian government and educational institutions from war and cyber attacks, and have migrated the data.

In addition, a satellite communication network called "Starlink" developed by "SpaceX" in the United States was also provided at the request of the Ukrainian government.

"Starlink" was developed to deploy a high-speed Internet connection service covering the entire earth by arranging a large number of satellites in outer space.

Ukraine's Deputy Prime Minister, Fyodorov, who is also in charge of the digital field, turned to service on Twitter just over 10 hours after asking Elon Musk of Sparse X for help.

According to several security officials, "Since many satellites are deployed, it is difficult to bring down the satellite network even if a part of the satellite is destroyed. Even if the communication facility on the ground is destroyed. Isn't it a major factor in Ukraine's ability to maintain Internet communications? "

According to Deputy Prime Minister Hyodorov, it is used by 150,000 people a day.

Professor Motohiro Tsuchiya, Keio University

"IT companies are supporting Ukraine's resistance. This is a new phenomenon. Digital technology is being used for command and command, and it is the IT companies that support it. This cooperation Without it, the reality is that it is no longer possible to carry out (war). In the absence of full-scale military support from the United States, private companies have a large role to play, and without the cooperation of American private companies. If so, the war situation may have changed. "

Citizens suffer from cyber attacks

The head of the Ukrainian Post and Telecom Authority emphasized that the target, whether armed or cyber-attacked, is the civilian population.

Yuri Sichihori, Director General of the Ukrainian National Special Communications and Information Protection Bureau

"The Russian side says that the target of missile attacks is military facilities, but in most cases it is private infrastructure. The same is true for cyber attacks. Private logistics and energy facilities. And it attacks the communication network used by the general public. What I want you to know is that the battle in cyber space never ends. Even if you win the ground battle, it is a cyber attack. Will continue. "

Four months after Russia's military invasion of Ukraine.

The real image of the modern war, in which armed attacks using conventional weapons and cyber attacks are two sides of the same coin, is gradually becoming apparent.

The actual situation of cyber warfare will be explained in detail in the close-up Gendai "Expanding" Invisible Battlefield "Ukraine Cyber ​​Warfare" from 19:30 on June 27 (Monday).

Yohei Fukuda ,

Reporter, Faculty of Science and Culture

Joined in 2013.

He has been in the Faculty of Science and Culture since April 2021 after working at the Okayama and Sapporo stations.

His areas of responsibility are IT / cyber security and culture / art (art / art).

Shuhei Jyohiro ,

Director of the Social Program Department Joined the station

in 2009.

After working at the Fukuoka Bureau and the International Program Department, he has been in the Social Program Department since 2020.