Ukraine pointed an accusing finger at Russia on Sunday January 16.

“All the evidence points to Moscow being behind the cyberattack [that we are suffering],” assured the Ukrainian Ministry of Digital Development.

After the sound of Russian boots on the Ukrainian border and the diplomatic sparring between Moscow and Washington, the Ukrainian crisis took on a cyberattack component at the end of last week.

Fake ransomware, real destructive virus

A computer virus disguised as ransomware was discovered on Saturday January 15 by Microsoft. "Dozens of government entities, NGOs and media groups, all located in Ukraine, were infected with this malware which pretended to demand payment of a ransom in order to return control of the impacted computer servers", detailed Microsoft in a blog post. But there was no way for the victims to pay the said ransom. 

In reality, this virus has been programmed to destroy data on infected systems when computers are restarted.

This malicious code seems to have started to be deployed within Ukrainian computer systems "soon after the failure of diplomatic negotiations between Russia and NATO on Thursday, January 13", specifies the New York Times.

Microsoft's discovery of the existence of this cyberattack also comes a day after around 70 websites of Ukrainian institutions - such as that of the Minister of Foreign Affairs, or the Defense and Security Council - were attacked.

The hackers added threatening texts to the homepage of these portals saying that Ukrainians should "be afraid and expect the worst".

Kiev had, first of all, accused a group of Belarusian hackers of having carried out this operation.

But the Ukrainian authorities added later that these hackers had probably acted on the orders of the Russian intelligence services.

"It would not be surprising because this is not the first time that two allied countries have coordinated to carry out operations in cyberspace", assures Gérôme Billois, cybersecurity expert from the consulting firm Wavestone, contacted by France 24.

Moscow has categorically denied any involvement in these attacks.

"The Ukrainians accuse us of all the evils, even the bad weather they are currently experiencing," quipped Dmitri Peskov, Vladimir Putin's spokesman. 

It is true that no one, apart from Ukraine, has yet officially accused Moscow.

"We are currently working on the attribution of these attacks. But it is true that I would not be surprised to discover that they were organized by Russia", however affirmed Jake Sullivan, the adviser for national security questions. US President Joe Biden, interviewed by CBS television on Sunday.

like deja vu

The attacks of recent days have, indeed, a taste of deja vu… both for Ukrainians and for computer security experts. Cyberattacks against Ukrainian institutions following a similar modus operandi and "attributed to Russian hackers have already taken place in 2015 and 2017", recalls the Wired site. In 2017, one of the most destructive ransomware ever observed - NotPetya, which had infected hundreds of thousands of computers worldwide - was revealed to be an operation aimed primarily at Ukraine. The Russian hackers then also “tried to conceal a cyber-operation against Ukrainian interests under the appearance of a ransomware attack”, recalls Gérôme Billois.

This expert adds that the double attack in Ukraine - hacking sites then using a data destroying virus - is also a classic process.

"The idea is to first use a small-scale attack, but which still obliges the competent authorities to take an interest in it, in order to divert their attention to then carry out a more ambitious operation", details t- he.

The question of attribution is all the more important since "in all modern warfare manuals, there is talk of cyberattacks to disrupt a country before a military intervention", recalls the French expert.

Again, it was Russia that first applied this precept in 2008 during the war against Georgia.

Hence the fear of a similar scenario in Ukraine.

"Between the breakdown of diplomatic negotiations, border troop movements and cyberattacks, there is a worrying escalation that could raise fears that ground invasion is the next step," said Oscar Jonsson, an expert on Russian military issues. at the Swedish Defense University, contacted by France 24.

Letting go of the east

For this specialist, who has worked on the integration of cyberspace into Russian military doctrine, "the mere fact that groups decided to exploit flaws in Ukrainian computer systems of which they were aware to carry out cyberattacks means that they are ready to burn some bridges". Indeed, computer vulnerabilities are cartridges that can only be used effectively once since they have a good chance of being "repaired" afterwards by the victims.

But that doesn't mean that these attacks have the sole purpose of preparing the ground for a ground invasion.

“Site hacks are classic techniques for intimidating public opinion. They are generally more public relations operations,” says Oscar Jonsson.

It would then be rather a means of diplomatic pressure.

A way to give a taste of the damage that these pirates can inflict if the West does not agree to release ballast to the East.

There remains the question of the virus disguised as ransomware.

“It is difficult to know exactly what the goal is,” acknowledges Oscar Jonsson.

"The precise list of entities that were attacked has not been made public and we do not know the extent of the damage," adds Gérôme Billois.

In other words, it is difficult to know whether critical infrastructures have been hit or targeted and to what extent this diminishes Ukraine's ability to react in the event of a Russian military operation.

Two essential elements to assess whether these cyberattacks were intended to prepare the ground for the soldiers or whether it was a new warning to the West following the failure of the negotiations.

The summary of the

France 24 week invites you to come back to the news that marked the week

I subscribe

Take international news everywhere with you!

Download the France 24 app

google-play-badge_EN

Keywords: