A comprehensive report by the Royal United Services Institute (RUSI) reveals a notable shift in Russia’s cyber warfare strategy in Ukraine. Previously focused on large-scale attacks against Ukrainian civilian infrastructure, Russian cyber operations have now pivoted towards gathering tactical military intelligence. This strategic change is timed to coincide with the Kremlin’s preparation for a major summer offensive, aimed at reclaiming territory lost during Ukraine’s 2023 counter-offensive. The report highlights how Russian intelligence services have adapted their cyber strategy to align with the ongoing demands of the protracted conflict.
Dan Black, Manager of Cyber Espionage Analysis at Google Cloud’s Mandiant and the author of the RUSI report, explains that Russian cyber units are now targeting frontline Ukrainian military computers and mobile devices. This shift reflects a broader strategic reorientation towards acquiring actionable intelligence that can directly benefit Russian military operations. The initial focus on disruptive cyber attacks against civilian infrastructure, which was based on the assumption of a short-term conflict, has been replaced by efforts to support the Kremlin’s tactical objectives on the battlefield.
The report outlines several advanced techniques employed by Russian cyber units to achieve their new objectives. One key method involves hacking smartphones used by Ukrainian soldiers to obtain critical location data, which is used to track and target Ukrainian positions. Additionally, the cyber operatives exploit encrypted messaging applications, such as Signal and Telegram, using social engineering tactics to gain access to sensitive communications. The sophisticated cryptographic protocols used by these applications complicate such approaches and make the attacks particularly challenging.
Furthermore, the RUSI report details how Russian cyber operations extend to penetrating Ukrainian battlefield management systems like Delta and Kropyva. These systems are crucial for managing and coordinating military operations, and Russian hackers employ social engineering attacks to obtain login credentials and uncover operational plans. The report also notes efforts to compromise webcams in urban areas to map Ukrainian air defenses and other critical infrastructure. Black underscores that this evolving cyber threat landscape necessitates a renewed focus on bolstering Ukraine’s cyber defenses and ensuring continued international support to counteract these sophisticated and adaptive cyber threats.