SlideShare a Scribd company logo
1 of 12
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
Russia Ukraine War
Cyberspace Operations
In general
In the ongoing Russian-Ukrainian war, Russia, in parallel with conventional operations,
conducts a set of information operations which include psychological operations, cyber
warfare operations and disinformation operations. In this type of operations, Social Media,
telecommunications, mass media, and Internet providers play an important role in both
disseminating information about the war and shaping public opinion.
As far as the digital perspective of the conflict, it is tentative to characterize it as a high-
intensity1
hybrid conflict2
in cyberspace, or better in the wider unified informational
environment of which both cyberspace and the electromagnetic field are considered a part.
Analysis
1 The so-called high-intensity conflicts are symmetrical conflicts involving armed forces that use modern, large-scale technological
means. Practical examples that differentiate these conflicts from low-intensity conflicts are the absence or very limited use of
organized guerrilla warfare, the use of nuclear or non-nuclear ballistic attacks, the deployment of unusually large forces
(quantitatively and qualitatively) by sea, air and land (tanks, destroyers , bombers, etc.) and the declaration of war from one country
to another.
2 Hybrid conflict is a type of conflict that combines many unconventional methods of warfare, such as disinformation,
manipulation of public opinion, economic warfare, sabotage, terrorism, cyber attack, and guerrilla warfare. Actors involved in a
hybrid conflict may include states, terrorist groups, militias, private companies and individuals. In hybrid conflict as the actors
involved, often from increased complexity, may have different objectives and different methods of combat. It can be difficult to
determine who is responsible for actions in a hybrid conflict, as the actors involved may use plausible deniability tactics to hide
their involvement.
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
Russian strategy in the broader information environment has been influenced by
General Gerasimov's vision3
, as it was shaped by the evolution of the mode of conflict in the
early 2000s between hybrid conflicts and a blurred fine line between war and peace.
The new conflict perspective accepts that:
• The form of wars is changing, and the new trend requires the strengthening of the
influence on public opinion and civilian levers of pressure.
• The knowledge of information environment and cyberspace, from a technical and
tactical point of view, and its use as a lever of influence is now fundamental and imperative.
Russia
Russia is not talking about cyber security but for information warfare.
As indicated by the evolution of the Russian vision of the conflict and the blurring of
spatiotemporal boundaries between peace and war, as well as the evolution of modern conflicts towards
a hybridization between conventional and unconventional levers of power, Russian elites see cyberspace
as part of the wider information environment within which information superiority should be acquired
and maintained.
Therefore, they have created their own concept of what Westerners call "cyber security" under
the name "information security". Apparently, the same logic carries over from the defensive side to the
offensive side, where they refer to "information warfare" instead of cyber conflict. The Russian definition
includes, in addition to the vision of classical cyber security, a psychological and a cognitive dimension
which, with the help of technical means, can make it possible to control the information environment.
The information environment is not a transit space but a space that must be controlled with a
long-term perspective as it is a flexible space that allows influence in times of peace and dominance in
times of war. This fundamental understanding of information warfare has expanded beyond the
traditional Western approach to cyber security and is presented as follows by the Russian Ministry of
Defense:
"...Information warfare is a confrontation between two or more states in the information environment
aimed at causing damage to information systems, processes and resources, critical and other structures,
undermining political, economic and social systems, mass psychological manipulation of population to
destabilize society and the state, as well as forcing states to make decisions in the interests of the
opposing side...".
Considering the above new understanding, Russia proceeded with the following basic steps:
• Reorganized (quantitatively, qualitatively, institutionally) its cyber units into information
operations forces capable of supporting a set of information activities through cyberspace.
• Incorporated into its operational planning, private groups (hacktivist groups), to
upgrade technical capabilities in the field of cyberspace and to address problems such as assigning
responsibility for attacks on political targets or other countries outside of Ukraine.
A typical example is the KillNet network, which consists of several hacktivist cyber
groups of the same orientation and aims to:
o Publicity, which allows them to wage a war of influence aimed at hurting the
morale of the European population.
o Strengthening the image that states that Russia could intervene even where it
does not have troops.
3 This vision was confirmed by General Gerasimov in 2019 at the conference of the Academy of Military Sciences, where he
emphasized the importance of hybrid tactics and knowledge of asymmetric warfare:
“In modern conditions, the principle of waging war has been developed based on the coordinated use of military and non-military
measures [...] our Armed Forces must be ready to conduct wars and armed conflicts of a new type using classical and asymmetric
methods of action. Therefore, the search for rational strategies for waging war with various adversaries is of prime importance to the
development of the theory and practice of military strategy.”
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
o Strengthening the belief that European governments are not capable of
protecting their infrastructure and citizens on all fronts and fields.
o Concealing through publicity, the actions of infiltration groups constitute long-
term threats (Advanced Persistent Threats-APT).
• Enriched its arsenal with new types of cutting-edge cyberweapons (deletion software,
ransomware, etc.), which are undetectable and capable of creating serious problems for opponents.
Modus Operandi
Russia plans, conducts, and coordinates the following operations, as part of an upgraded cyber-
based information operations plan aimed at gaining information advantage in the broader information
environment:
• Initial contact operations on targets inside and outside Ukraine, with the aim of covertly
penetrating information systems and the purpose of their subsequent attack and destruction or
prolonged espionage and intelligence gathering.
• Targeted attacks (mainly within Ukraine) using malicious data deletion software (wiper-type
destruction malware), with the aim of destroying the targeted information systems and creating feelings
of confusion and disorientation for decision makers.
• Distributed Denial of Service (DDoS) attacks, with the direct effect of interrupting (for a certain
time) the offered website services and indirectly creating appropriate psychological effects (fear,
mistrust, etc.) in selected audiences. Attacks of this type aim for morale impact, attempting to create
and maintain a sense of insecurity about systems and infrastructure among targeted populations by
allowing sustained socio-political pressure to be maintained at low cost alongside a political or military
conflict. It also gives a political advantage (“leverage advantage” system)4
, conducting aggressive
retaliatory operations without diplomatically or militarily involving the state organizing the attackers.
• Attempts to alter the content of websites (defacement), with the direct effect of altering their
content and indirectly disorienting and misinforming their audiences.
• Disinformation campaigns targeting different kinds of audiences:
o The Russian population, aiming to maintain and support for the war.
o The Ukrainian population to undermine their confidence in Ukraine's ability to resist
Russian aggression.
o The European and American public to cast doubt on Western unity against Russia and
the importance of supporting Ukraine and dealing with domestic issues.
• Collecting intelligence through infiltrating networks and targeting governments outside of
Ukraine that are part of the coalition of countries supporting it. The main target is government agencies,
followed by NGOs (either humanitarian groups involved in aiding the civilian population or think tanks
providing foreign policy advice). Subsequently, several companies in critical sectors such as energy,
defense or IT have been affected by Russian cyber-espionage aimed at supporting its war effort.
4 The "leverage" system refers to the use of some resource or mechanism in order to achieve better results and with greater
impact than would be possible using only basic resources.
In finance and business, the concept of "leverage" often refers to the use of financial instruments, such as loans, in order to increase
the financial impact of an investment or business decision. In other words, using leverage allows a person or company to use a
little money to make a lot more money by taking advantage of the ability to borrow.
Leveraged advantage in cyber business refers to how a business can use technology and digital platforms to strengthen its
competitive position and create benefits. In cyber, the concept of leverage refers to how businesses can use technology, data and
digital platforms to enhance their operations, improve performance and create new opportunities. This may include the
development of new technological solutions, the effective use of data for decision-making, and the integration of digital platforms
to upgrade services and processes. By using leverage properly, cyber businesses can achieve a competitive advantage and enhance
their ability to provide effective services and products.
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
• Influence operations, much of which is conducted via the Internet and social media (SMS),
which have regularly been enhanced through the links gained between cyber and hacktivist groups in
the wider information environment. The new tactics are implemented in specific steps:
o First, Russian influence groups are trying to weaponize the fact checking process to be
able to spread the Kremlin's narratives.
o Second, pro-Russian groups are constantly spreading information purportedly from
leaks online targeting politicians and governments that support Ukraine.
o Third, the Russian government and its associated entities often organize press tours
throughout the occupied Ukraine in order to have international communication coverage from friendly
media and to facilitate the achievement of communication goals.
o Fourth, in addition to the operations targeting Moldova, Russia continues its influence
operations in the Ukrainian region and across Europe to widen the audience divide,
discredit pro-Ukrainian leaderships, and promote pro-Russian networks in these regions.
Countries targets of Russian cyberattacks inside and outside Ukraine are:
• Government Websites.
• Media websites.
• Banking system and financial institutions.
• Military infrastructure
• Critical infrastructure: Energy, water supply, transport.
• Satellite communications.
UKRAINE
Although Ukraine has limited counterattack capabilities in the cyberspace domain, it has
attempted to strengthen its cyber defenses through the following actions:
• Reorganization and upgrade of state cyber security services.
• Formation of an IT "army" with the participation of international volunteers.
• Involvement of the entire Ukrainian cyber community in the country's cyber defense.
• Public and Private Sector Partnerships.
• External assistance which includes:
o The exchange of cyber threat information.
o The dispatch by the EU and friendly countries of teams to deal with cyber-incidents.
o Participation of external hybrid actors (hacktivists) in cyber operations against Russia.
In retaliation for the Russian attacks, Ukraine has launched a large number of denial of service
(DDoS) attacks as well as data deletion attacks. Targets include Russian government targets, information
systems of large Russian media companies, financial institutions, defense installations, power grids and
railways.
As part of the cyber counterattacks, independent hackers from around the world have
intercepted and exposed Russian government and financial data, such as emails, information related to
banking activities, energy production and propaganda activities as well as classified details regarding
the Russian ED and the action of agents of the Federal Security Service (FSB). This sensitive information
is then shared with global activists as a way of punishing Russia for its crimes in Ukraine.
A side effect of the hackers' recent activities is their success in wreaking havoc on Russian cyber
systems and shattering the perception of Russia's impregnable cyber defenses.
European Union
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
In its resolution of 1 March 2022, the European Parliament called for the immediate and full
implementation of all decisions that would improve the EU's contribution to strengthening Ukraine's
defense capabilities, including cyber security. In addition, the Parliament urged the EU, NATO and other
like-minded partners to step up their assistance to Ukraine in the cyber field, while calling for the full
activation of the EU cyber sanctions regime against individuals, entities and bodies responsible for or
involved in cyber-attacks against Ukraine.
EU actions can be summarized as follows:
• Enhancing the resilience of the communications infrastructure.
Keeping Ukraine's telecommunications services operational is critical to ensuring the normal
functioning of the Ukrainian government, as well as alleviating the humanitarian crisis.
• Ban Russian propaganda in its war against Ukraine.
Combating war propaganda and disinformation is a particularly pressing issue in Russia's war
• Strengthening the EU toolbox against disinformation.
There are already proposals to increase the funding of Task Force East StratCom and to expand
the EU's early warning system on disinformation to cover Ukraine and other interested parties.
• Support Ukraine's fight against cyber threats.
A cyber rapid response team of EU experts has been deployed for this purpose.
• Strengthening the EU's cybersecurity capabilities.
Further initiatives to ensure the resilience of Europe's electronic communications
infrastructure and networks have been announced, including more cooperation at operational level, a
future cyber resilience act and the creation of a contingency fund for cyber security.
• Limit Russia's access to dual-use technologies.
The EU sanctions adopted on February 25, 2022 are primarily intended to limit Russia's access
to critical advanced technology. Dual-use technologies – specifically those that can be used for both
peaceful and military purposes – such as semiconductors or cutting-edge technologies, radio
communication technology and crypto-assets, must not be sold or otherwise provided for use in Russia
or a Russian entity.
CHINA
It is now known that Chinese hackers are carrying out cyber attacks against Ukraine, although
we can only speculate as to whether these (attacks) had any kind of state support. It is also known that
Chinese hackers taking advantage of the current conflict are carrying out cyber operations against
Russia as well.
The two-way relationship between China and Russia in the wider information environment and
especially in the field of cyberspace is implemented in two operational axes:
• Conducting cyber operations (attacks) before and during the Russian-Ukrainian conflict.
• Redoubling targeting and penetration efforts on both Ukrainian and Russian targets.
Key Points-Conclusions-Lessons
Lateralization and spreading risks.
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
The interconnectedness of information systems and the involvement in the cyber-operations of
independent hacktivist cyber-groups, with little or no state control, increases the risks of the spread of
cyber-attacks or their results beyond Ukraine.
The threat of cyber attacks on European soil has two aspects:
 First, attacks against Ukrainian networks could spread to European networks.
 Second, Russia could choose to launch direct attacks on European targets through its
intelligence services or cyber-criminal groups in order to disrupt Western actions in the Ukraine crisis.
Major Attacks and High Intensity Conflict
In the event of an escalation of the means applied and the radicalization of the conflict, the
intensity of business in the wider information environment and in particular in cyberspace may also
increase and therefore it is important, first of all, to return to the characteristics that it possesses, and
allows under certain conditions , to propose solutions where conventional means may be limited.
The issue of pre-positioning
When setting credible scenarios, the issue of preemption is essential because it allows Russia to
define a precise location for an attack on an organization, thus maximizing tactical and strategic results.
To prevent effective pre-positioning of Russian actors on Ukrainian systems, the US is
conducting defensive strike actions to disable the offensive capabilities of the Russian threat that have
already compromised Ukrainian infrastructure.
Malware as a service (MAAS)
It should be noted that today cyberweapons do not have to go through all the production
phases as in recent years almost everything is available as "as-a-service". In recent years, the possibility
of acquiring "malware as a service" (MaaS-Malware-as-a-Service) or "cybercrime-as-a-Service" (CaaS-
Cybercrime-as-a-Service) has emerged.
Malicious Network Control & Management as a Service
Command & Control as a service (C2aaS)
"Malicious Network Control" (C2aaS-C2 as a Service) services are becoming increasingly
available in the market. These services are designed to give technically inexperienced actors with few
resources the ability to launch primarily distributed denial of service (DDoS) cyberattacks. Such a service
offers a fleet of malicious computers (bots) to be used in attacks (DDoS). These capabilities suggest that
the number of cyber-actors in the Russian-Ukrainian conflict could increase along with the capabilities
of these low-cost services.
Hacker for hire
(Hacker for Hire or hacker-for-hire proxy or Hacker as a Service-Haas)
Russia's choice to use hacker-for-hire proxies to pursue its tactical and strategic goals allows it
to maintain a high level of denial of responsibility for its actions.
Risk of conflict escalation in the space field
Satellite infrastructures are essential systems in wartime as they allow the coordination of
ground troops through imagery and telecommunications, in this light, disrupting the adversary's
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
satellite infrastructure during operations allows significant tactical advantages to be gained in the
military field. Russia has anti-space or anti-satellite-ASAT capabilities, both kinetic (e.g. missiles, lazer
systems, etc.), and non-kinetic (US, cyber weapons), capable of causing physical and virtual reversible
and targeted damages making attribution complex.
Russia's military leadership views cyber weapons as a substitute and/or complement to Electronic
Warfare weapons, implying their possible use together in an operation (a US operation could precede
a cyber-attack on a system based on space and vice versa.
Military sector
Key observations and conclusions
Cyber attacks are capable of disrupting command and control (C2C) systems, which are critical
to the coordination and conduct of military operations. Attackers have the ability to infiltrate such
systems and interfere with communications to disrupt the decision-making process. Cyber-attacks
against the military sector can lead to the exposure of coordinated forces, leakage of military traffic
and/or planned offensive/defensive action data, making the protection of the military sector critical to
protecting personnel, equipment and gaining/maintaining superiority against the enemy.
Ukraine's military cyberspace is a high-intensity battleground with ongoing threats and attacks,
originating from different actors and different countries, mostly aimed at stealing data, conducting
espionage, and destroying assets in an effort to create an immediate and indirect impact on Ukraine's
ability to fight.
Ukraine had to significantly accelerate the development and strengthening of its cyber
capabilities in the military sector with new capabilities that upgrade "traditional" cyber defense
solutions:
• A separate unit within the military structure responsible for cyber defense, capable of
conducting intelligence acquisition activities, cyber operations, cyber information operations.
• Establish a mechanism to attract the necessary number of experts to repel cyber aggression.
• Ability to quickly create new secure communication channels, software solutions.
• Rapidly investigate new threats, deliver research results to cybersecurity entities as well as
produce, review and edit incident response plans.
• Establishing constant communication with foreign partners from military and commercial
sectors.
• Adaptation of rapidly developing cyber-protection systems to existing legislation and
regulatory directives.
• Although not specific to cyber defense, rapid deployment of GSM/4G communication towers
is recommended in case of military conflict or natural disaster. These are self-propelled (generator)
vehicle-mounted communication towers that span locations suffering from power outages and provide
voice and data communication via satellite or line-of-sight link, and can cover a range of 3-6 km.
Digital services in support of the war effort
Traditional communication and information channels (television, radio, news, etc.) are still
important but do not allow rapid warnings of dangerous events, such as airstrikes or artillery strikes,
natural disasters and cyber threats.
There is also a significant need for different kinds of feedback from the population, such as information
about enemy military units in occupied territories, damaged critical infrastructure, etc. Mobile internet,
various messenger systems, special mobile applications, are some modern digital services. , who can
best serve in this role.
On the other hand, the introduction of digital services increases the risk of cyber threats, both
to the services and to their users.
Here are several examples of digital services that have been created in Ukraine in support of
the war effort:
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
SERVICEs
SERVICE DESCRIPTION
National roaming
National roaming made it possible to connect to the network of other operators if the
connection was lost.
Emergency Population Warning
System
The new notification system works on the basis of Cell Broadcast technology, which
has significant advantages over SMS notification: faster receipt of notifications,
flexibility in choosing locations to be notified and the presence of an audio signal even
if the sound on the subscriber's smartphone is turned off. It is not necessary to install
anything specific on the phone - all Ukrainian users can receive the signals
Telegram bot
Owned by the Security Services of Ukraine @stop_russian_war_bot, created by the SSU
at the beginning of the large-scale invasion of Russia to allow people to send alerts
about enemy troops and vehicles, their locations, movements, war crimes,
collaborators, etc. On October 18, 2022, it was reported that the bot had received over
100,000 messages from Ukrainians. This helped destroy hundreds of units of enemy
military equipment and even eliminate several Russian generals.
Interactive map of the territory
The State Emergency Service of Ukraine has developed an interactive map of areas
potentially contaminated with explosives. This map shows the locations where
explosive devices have already been found or are likely to be found and the level of
threat they pose, according to information available to the State Emergency Service
(detection error is up to 30 meters). There is also a corresponding app for mobile
phones (both Android and iOS) with an interactive map, as well as recommendations
on how to detect dangerous objects, safety instructions, etc. It also contains an alert
function with an instant signal if the person enters the red zone.
eVorog Βοτ
Telegram bot developed by the Ministry of Digital Transformation of Ukraine, fully
integrated with Diia (Ukraine digital service) and advanced functionality to detect:
• Enemy equipment and troops.
• Activities of pro-Russian partners.
• Explosive or suspicious objects.
• Photos/videos of Russian military personnel in demilitarized settlements.
єППО
An air raid prevention warning system.
Ukraine has created a mobile phone application that will help air defense units fill in
radar information about aerial targets for their subsequent destruction.
How the application works: if a person visually detects an aerial target, for example, a
missile or a kamikaze drone, he must open the єППО application on his smartphone,
select the type of aerial target, point his smartphone in the direction of him, aim at
him and press the big red button. In this way, the data of the target (position, type,
etc.) end up directly in units of the Ukrainian Air Defense.
Ukraine has demonstrated expertise with the widespread use of digital technologies to ensure
stable communications between the population and state management bodies and vice versa during
the crisis period.
Communication methods demonstrate the importance of the population's sustainable access
to communication services and the internet, as well as informing all citizens of any potential threats,
thus allowing them to assist the armed forces in locating the enemy.
Each country or alliance should consider having a well-developed, tested and reliable public
communication and early warning system.
It is also worth noting that a stand-alone system is not sufficient in today's complex
communication landscape, and for this reason state security agencies and state government agencies
should maintain an online presence within such networks as Signal, Telegram, Twitter and other. The key
point is that accounts on such platforms must be verified and trusted. Trust and confidentiality in such
accounts must be at a high level to avoid impersonation or misinformation.
General Conclusions
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
The use of cyberspace as a field for conducting operations actually first started in 2007 with the
cyber attacks in Estonia, continued with the attacks in Georgia in 2008 where cyber attacks and cyber
influence operations were used alongside conventional operations.
The full integration of such operations into the entire military effort occurred during the war in
Ukraine, where cyber operations played, and continue to play, an important role even before the start
of conventional operations, crippling the offensive and defensive capabilities of the adversary, thereby
affecting his morale. Actions in cyberspace on the part of Russia had as their main objective the support
of conventional, mainly ground operations, but also the creation of appropriate psychological effects
on specific target audiences.
According to the statistical report of the State Cyber Protection Center of Ukraine, in 2022 there
were 2.8 times more cyber incidents than in 2021. The number of cyber incidents related to the spread
of malware and information recovery increased by 18.3 and 2.2 times respectively.
The number of detected incidents related to Russia increased by 26%. In 2022, 2194 cyber
attacks were detected and officially investigated (1655 as of February 2022).
Russia's aggressive cyber operations, along with electronic warfare, have failed to disrupt
Ukraine's command and control (C2) system and its critical private and public infrastructure for an
extended period of time. Ukraine, with the help of private companies and Western governments, has
managed not only to mitigate the majority of cyber-attacks against its infrastructure but also to develop
offensive cyber-capabilities of its own.
The biggest cyber threat to Ukraine is the hacker groups associated with the FSB, the GRU and
the SVR. To a lesser extent, financially motivated hacker groups and pro-Russian hacktivist groups also
pose a threat. The most active hacking groups are Sandworm, APT28, EmberBear, Turla, Gamaredon,
Calisto and APT29, while KillNet, NoName057, People's Cyber Army, Xaknet Team and RaHDit are the
most active pro-Russian hacktivist groups.
Findings in the Field (Cyberspace)
The two years of war in Ukraine have provided several conclusions regarding the use of cyber
capabilities during a conventional conflict:
• Russia developed and exhausted its initial cyber capabilities shortly before and during the
invasion on February 24, 2022. Russian cyber operations aimed to undermine Ukraine's military
operations, economic and government sectors, gain access to critical infrastructure as well as in denying
the public access to the information. Many attacks targeted Ukraine's critical infrastructure with the aim
of disrupting its operations.
• Russian cyberattacks have failed to create a serious long-term problem in Ukrainian critical
infrastructure.
• The Russians focus mainly on Distributed Denial of Service (DDoS) attacks, propaganda and
defamation operations, and phishing operations. As a result, Ukraine pays more attention to the specifics
of such attacks.
• Russia is trying to find new allies to help it in its cyber/military operations, which will potentially
create more damage as it tries to achieve its goals, possibly turning to China who hopes to take an active
part in the geopolitical situation in Europe.
• It is almost certain that Russian state-sponsored cyber threat actors will continue their
activities in furtherance of the Russian military's strategic and tactical objectives in Ukraine.
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
• Although Russian cyber-activities are mainly focused on targets in Ukraine, there is a high
possibility that the attacks will be transferred-expanded (diffusion) to Europe and the countries that
support Ukraine.
• Given Russia's focus on destroying or creating a significant problem in Ukraine's critical
infrastructure, it is safe to assume that cyber operations are and will be used in the future within cross-
sectoral operations planning in support of conventional mobile warfare operations.
• Ukraine managed to limit the damage to its infrastructure by moving many of its services to
cloud infrastructure outside the country. After each cyberattack, Ukraine's infrastructure systems became
less vulnerable. Initially, although defense was the main priority in infrastructure protection, over time it
has changed to an offensive strategy.
• Cooperation between institutions, organizations and states is a critical factor in maintaining
infrastructure protection at a high level.
• Cyber security is no longer a matter for experts. In every country, people are the first line of
defense against cyber attacks.
• Defense against a military invasion requires for most countries the ability to export and
distribute their digital operations beyond their borders to other countries.
• Russia from the beginning of the conflict targeted Ukraine's information infrastructure with
both conventional (missiles) and digital means (wipeware). However, Ukraine has managed to move and
thereby protect a large part of its civil and military digital infrastructure to cloud hosting mainly outside
the country.
• Recent advances in cyber threat intelligence and end-point protection have helped Ukraine
counter a large percentage of Russia's devastating cyber attacks.
In today's conflict, Russian cyberattacks are different from those seen in 2017 with the case of
the NotPetya malware. In this particular attack (2017) destructive malware was used which had the ability
to spread uncontrollably across interconnected systems within and outside the country. Today's Russian
attacks have seen a reduction in the spread of malware outside of Ukraine while increasing the effort to
synchronize cyber-attacks with the corresponding conventional operations. Defenders' use of artificial
intelligence (AI) threat intelligence processes as well as endpoint protection solutions enabled the rapid
distribution of software/protection code to detect and counter attacks.
• As a coalition of countries has assembled to defend Ukraine, Russian intelligence services have
stepped up efforts to spy and infiltrate information networks targeting allied governments outside
Ukraine.
Infiltration actions have been detected in 128 organizations in 42 countries outside of Ukraine.
The main target are countries that support Ukraine such as: the USA, Poland, the Baltic countries,
Denmark, Norway, Finland, Turkey as well as other NATO countries. The list of targets in these countries
includes government infrastructure, think tanks, humanitarian organizations, IT companies, energy and
critical infrastructure and their support companies.
• In conjunction with existing cyber activities, Russian agencies are conducting corresponding
global cyber influence operations in support of its war effort.
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
These operations combine tactics developed decades ago by the KGB with new digital
technologies and the Internet to give influence operations greater geographic coverage, speed,
adaptability, more precise targeting, and greater power. Such enterprises with sufficient planning and
know-how can take advantage of the immediacy and breadth of democratic societies.
The Russians focused their influence operations on four target audiences:
o Russian population: Continued support of the war effort.
o Ukrainian population: Undermining confidence in the country's will and ability to resist
Russian attacks.
o American and European audiences: Undermining Western unity and deflecting criticism of
Russian war crimes>
o non-allied audience: To maintain support for Russia in the UN and other organizations.
Russian cyber influence operations are directly linked to tactics created for other types of cyber
operations such as the Advanced Persistent Threat-APT (Advanced Persistent Threat-APT) tactics of the
Russian intelligence services, the Advanced Persistent Manipulation-APM (APM) teams associated with
government agencies and operate through Social Media and digital platforms.
These cyber-influence companies planted narratives in much the same way that other cyber-
enterprises planted malware on information systems. They then launched a broad and simultaneous
"reporting" of the specific narratives from websites that were under the control of the Russian
government while being magnified through Social Media exploitation tool technologies. Recent
examples include narratives surrounding biolabs and multiple attempts to cover up military attacks
against Ukrainian civilians. Russian cyber influence operations are estimated to have successfully
increased the spread of Russian propaganda since the start of the war by 216% in Ukraine and 82% in
the United States.
• Lessons from Ukraine require a comprehensive and coordinated strategy to strengthen
defenses against the full range of cyber operations whether they manifest in the form of destructive
cyber attacks, cyber espionage or influence operations.
While there are key differences between the above operations, the Russian government views
them as part of a broader information operation which, while having its own objectives and goals, is in
full sync with conventional operations. This new reality requires a completely different approach to
dealing with and preventing such threats.
The prevention of such threats should in principle be based on the following assumptions:
o Russian cyber threats are promoted by a common set of actors (groups, agencies, etc.) inside
and outside the Russian government who use similar digital tactics. As a result, advances in both digital
technology, artificial intelligence and data management will be needed to address them.
o Unlike the traditional threats of the past, responses to these types of cyber attacks must be
based on greater public and private collaboration.
o There is a need for close and joint multilateral cooperation between governments to protect
open and democratic societies.
o Defense doctrine should support free expression and avoid censorship in democratic
societies, even as new steps are needed to address the full range of cyber threats that include cyber
influence operations.
The Future
Given the growing close cooperation between Russia and China and the latter's effort to
upgrade its geopolitical position, an increase in the espionage activities of Chinese cyber groups, such
as e.g. APT27, APT30, APT31, Ke3chang, Gallium and Mustang Panda, against EU and NATO member
states, alongside ongoing threats from politically motivated Russian cyber groups.
Russia Ukraine War: Cyberspace Operations
Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant
Given the significant experience and capabilities of Russian special services, it is also important
to protect data storage and transmission infrastructure and network equipment from unauthorized
access and software that could allow attackers to gain remote access to target systems.
The future will see an ever-increasing investment in both defensive and offensive cyber
capabilities, which is necessary to mitigate security risks. Organizations can significantly reduce their
vulnerability to cyber attacks by implementing strong cyber security measures such as firewalls, intrusion
detection systems and employee training programs. Additionally, having a comprehensive cyber
defense strategy can help minimize the impact of a successful attack. Investing in cyber defense is
essential self-defense for businesses and governments against the growing threat of cyber attacks. The
cost of a successful attack can be devastating, and the risks are growing as our world becomes more
digital.
The technology revolution has reached even the most everyday people around the world, and
cyber threats have followed. Cyber security is no longer just for professionals. People are the first line of
defense against cyber attacks in any country. They are often the first point of contact with potential
threats, and their actions can either increase or decrease the likelihood of a successful attack. Educating
people about the risks and using best practices can help prevent attacks and minimize damage if an
attack is successful. From providing information through state and private media such as television and
radio, to education and training in schools and universities, cyber awareness and defense must be taught
and trained.
The recent explosion of artificial intelligence (AI) technology has the potential to be a game
changer in cyber warfare. Artificial intelligence is already being used in cyber defense to identify and
respond to threats more quickly and effectively, but it may well be used by attackers to conduct
sophisticated cyber attacks.
One way in which artificial intelligence can be deployed in cyberwarfare is through the use of
Machine Learning-ML Algorithms to detect patterns and anomalies in network traffic. It could ensure
real-time detection and response to threats and improved speed and accuracy of cyber defense.
Another potential use of artificial intelligence in cyberwarfare is the development of
autonomous malware that can adapt and evolve in response to changing conditions. It could conduct
cyber attacks, it would be harder for defenders to detect and counter. Overall, while AI has the potential
to be a powerful tool for cyber defense, it also poses significant challenges for those working in the
field. As such, it will be important for cybersecurity professionals to develop new strategies and tools to
address the threats posed by artificial intelligence in cyberwarfare.

More Related Content

Similar to Russia Ukraine war Cyberspace operations (2022-2024)

CRISIS COMMUNICATIONS IN GLOBAL POLITICS
CRISIS COMMUNICATIONS IN GLOBAL POLITICSCRISIS COMMUNICATIONS IN GLOBAL POLITICS
CRISIS COMMUNICATIONS IN GLOBAL POLITICSAnton Shynkaruk
 
Foreign military studies office publications human network attacks
Foreign military studies office publications   human network attacksForeign military studies office publications   human network attacks
Foreign military studies office publications human network attacksClifford Stone
 
Special Forces-future challenges
Special Forces-future challengesSpecial Forces-future challenges
Special Forces-future challengesadrian ciolponea
 
A STUDY ON THE IMPACT OF BLAST LOADING FOR NUCLEAR EXPLOSION ON STRUCTURES
A STUDY ON THE IMPACT OF BLAST LOADING FOR NUCLEAR EXPLOSION ON STRUCTURESA STUDY ON THE IMPACT OF BLAST LOADING FOR NUCLEAR EXPLOSION ON STRUCTURES
A STUDY ON THE IMPACT OF BLAST LOADING FOR NUCLEAR EXPLOSION ON STRUCTURESIAEME Publication
 
Research in Information Security and Information Warfare- The economics, warf...
Research in Information Security and Information Warfare- The economics, warf...Research in Information Security and Information Warfare- The economics, warf...
Research in Information Security and Information Warfare- The economics, warf...Quinnipiac University
 
Epistemic Intelligence Communities. Counterintelligence
Epistemic Intelligence Communities. CounterintelligenceEpistemic Intelligence Communities. Counterintelligence
Epistemic Intelligence Communities. CounterintelligenceNicolae Sfetcu
 
Cyber war as a modern war weapon
Cyber war as a modern war weaponCyber war as a modern war weapon
Cyber war as a modern war weaponFernando Alcoforado
 
Insurgents in motion: Counterinsurgency and insurgency relocation in Iraq
Insurgents in motion: Counterinsurgency and insurgency relocation in IraqInsurgents in motion: Counterinsurgency and insurgency relocation in Iraq
Insurgents in motion: Counterinsurgency and insurgency relocation in IraqUNU-MERIT
 
Disinformation post report-eng
Disinformation post report-engDisinformation post report-eng
Disinformation post report-engarchiejones4
 
2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_masterbodaceacat
 
Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015
Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015
Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015Mark Raduenzel
 
Cyber Weapons Proliferation
Cyber Weapons Proliferation                                 Cyber Weapons Proliferation
Cyber Weapons Proliferation OllieShoresna
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations --   Inglis 04 27-17 -- SASCCyber-enabled Information Operations --   Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCDavid Sweigert
 
The conceptual model of information confrontation of virtual communities in s...
The conceptual model of information confrontation of virtual communities in s...The conceptual model of information confrontation of virtual communities in s...
The conceptual model of information confrontation of virtual communities in s...IJECEIAES
 

Similar to Russia Ukraine war Cyberspace operations (2022-2024) (20)

CRISIS COMMUNICATIONS IN GLOBAL POLITICS
CRISIS COMMUNICATIONS IN GLOBAL POLITICSCRISIS COMMUNICATIONS IN GLOBAL POLITICS
CRISIS COMMUNICATIONS IN GLOBAL POLITICS
 
Foreign military studies office publications human network attacks
Foreign military studies office publications   human network attacksForeign military studies office publications   human network attacks
Foreign military studies office publications human network attacks
 
Special Forces-future challenges
Special Forces-future challengesSpecial Forces-future challenges
Special Forces-future challenges
 
R41674
R41674R41674
R41674
 
R41674
R41674R41674
R41674
 
A STUDY ON THE IMPACT OF BLAST LOADING FOR NUCLEAR EXPLOSION ON STRUCTURES
A STUDY ON THE IMPACT OF BLAST LOADING FOR NUCLEAR EXPLOSION ON STRUCTURESA STUDY ON THE IMPACT OF BLAST LOADING FOR NUCLEAR EXPLOSION ON STRUCTURES
A STUDY ON THE IMPACT OF BLAST LOADING FOR NUCLEAR EXPLOSION ON STRUCTURES
 
Ijciet 08 02_021
Ijciet 08 02_021Ijciet 08 02_021
Ijciet 08 02_021
 
Research in Information Security and Information Warfare- The economics, warf...
Research in Information Security and Information Warfare- The economics, warf...Research in Information Security and Information Warfare- The economics, warf...
Research in Information Security and Information Warfare- The economics, warf...
 
Deterrence .pptx
Deterrence .pptxDeterrence .pptx
Deterrence .pptx
 
E059
E059E059
E059
 
Non-military dimension of the hybrid war in Ukraine
Non-military dimension of the hybrid war  in UkraineNon-military dimension of the hybrid war  in Ukraine
Non-military dimension of the hybrid war in Ukraine
 
Epistemic Intelligence Communities. Counterintelligence
Epistemic Intelligence Communities. CounterintelligenceEpistemic Intelligence Communities. Counterintelligence
Epistemic Intelligence Communities. Counterintelligence
 
Cyber war as a modern war weapon
Cyber war as a modern war weaponCyber war as a modern war weapon
Cyber war as a modern war weapon
 
Insurgents in motion: Counterinsurgency and insurgency relocation in Iraq
Insurgents in motion: Counterinsurgency and insurgency relocation in IraqInsurgents in motion: Counterinsurgency and insurgency relocation in Iraq
Insurgents in motion: Counterinsurgency and insurgency relocation in Iraq
 
Disinformation post report-eng
Disinformation post report-engDisinformation post report-eng
Disinformation post report-eng
 
2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master2019 11 terp_breuer_disclosure_master
2019 11 terp_breuer_disclosure_master
 
Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015
Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015
Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015
 
Cyber Weapons Proliferation
Cyber Weapons Proliferation                                 Cyber Weapons Proliferation
Cyber Weapons Proliferation
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations --   Inglis 04 27-17 -- SASCCyber-enabled Information Operations --   Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
 
The conceptual model of information confrontation of virtual communities in s...
The conceptual model of information confrontation of virtual communities in s...The conceptual model of information confrontation of virtual communities in s...
The conceptual model of information confrontation of virtual communities in s...
 

More from Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD

More from Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD (20)

Russia Ukraine Conflict_Cyberspace Operations_2021_2023.pdf
Russia Ukraine Conflict_Cyberspace Operations_2021_2023.pdfRussia Ukraine Conflict_Cyberspace Operations_2021_2023.pdf
Russia Ukraine Conflict_Cyberspace Operations_2021_2023.pdf
 
Mitigation of cyber threats 1a.pdf
Mitigation of cyber threats 1a.pdfMitigation of cyber threats 1a.pdf
Mitigation of cyber threats 1a.pdf
 
CYBER KILL CHAIN Table
CYBER KILL CHAIN TableCYBER KILL CHAIN Table
CYBER KILL CHAIN Table
 
Logismika Parakolouthisis.docx
Logismika Parakolouthisis.docxLogismika Parakolouthisis.docx
Logismika Parakolouthisis.docx
 
Surveillance Software.docx
Surveillance Software.docxSurveillance Software.docx
Surveillance Software.docx
 
Ρωσία εναντίον Εσθονίας:ο πρώτος κυβερνοπόλεμος (2007)
Ρωσία εναντίον Εσθονίας:ο πρώτος κυβερνοπόλεμος (2007)Ρωσία εναντίον Εσθονίας:ο πρώτος κυβερνοπόλεμος (2007)
Ρωσία εναντίον Εσθονίας:ο πρώτος κυβερνοπόλεμος (2007)
 
Russia vs Estonia_First Cyber War (2007)
Russia vs Estonia_First Cyber War (2007)Russia vs Estonia_First Cyber War (2007)
Russia vs Estonia_First Cyber War (2007)
 
ΚΥΒΕΡΝΟΠΟΛΕΜΟΣ
ΚΥΒΕΡΝΟΠΟΛΕΜΟΣΚΥΒΕΡΝΟΠΟΛΕΜΟΣ
ΚΥΒΕΡΝΟΠΟΛΕΜΟΣ
 
Cyber War
Cyber WarCyber War
Cyber War
 
Κυβερνοχώρος: Νέο πεδίο αντιπαραθέσεων
Κυβερνοχώρος: Νέο πεδίο αντιπαραθέσεωνΚυβερνοχώρος: Νέο πεδίο αντιπαραθέσεων
Κυβερνοχώρος: Νέο πεδίο αντιπαραθέσεων
 
Πληροφοριακός Πόλεμος-Information Warfare
Πληροφοριακός Πόλεμος-Information WarfareΠληροφοριακός Πόλεμος-Information Warfare
Πληροφοριακός Πόλεμος-Information Warfare
 
Corporate Cyber Security
Corporate Cyber SecurityCorporate Cyber Security
Corporate Cyber Security
 
Russia Georgia 2008 Conflict-Information Operations, Cyberwarfare
Russia Georgia 2008 Conflict-Information Operations, CyberwarfareRussia Georgia 2008 Conflict-Information Operations, Cyberwarfare
Russia Georgia 2008 Conflict-Information Operations, Cyberwarfare
 
Cyber risks for enterprises-Vacations Time
Cyber risks for enterprises-Vacations TimeCyber risks for enterprises-Vacations Time
Cyber risks for enterprises-Vacations Time
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
 
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαMaritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
 
Κυβερνοπόλεμος-Επιχειρήσεις Κυβερνοχώρου-Cyber War-Cyber Warfare
Κυβερνοπόλεμος-Επιχειρήσεις Κυβερνοχώρου-Cyber War-Cyber WarfareΚυβερνοπόλεμος-Επιχειρήσεις Κυβερνοχώρου-Cyber War-Cyber Warfare
Κυβερνοπόλεμος-Επιχειρήσεις Κυβερνοχώρου-Cyber War-Cyber Warfare
 
Οδηγός Προστασίας από την Ηλεκτρονική Εξαπάτηση-Phihing Guide
Οδηγός Προστασίας από την Ηλεκτρονική Εξαπάτηση-Phihing GuideΟδηγός Προστασίας από την Ηλεκτρονική Εξαπάτηση-Phihing Guide
Οδηγός Προστασίας από την Ηλεκτρονική Εξαπάτηση-Phihing Guide
 
Οδηγός Ορθής χρήσης Μέσων Κοινωνικής Δικτύωσης-Social Media Cyber Security Guide
Οδηγός Ορθής χρήσης Μέσων Κοινωνικής Δικτύωσης-Social Media Cyber Security GuideΟδηγός Ορθής χρήσης Μέσων Κοινωνικής Δικτύωσης-Social Media Cyber Security Guide
Οδηγός Ορθής χρήσης Μέσων Κοινωνικής Δικτύωσης-Social Media Cyber Security Guide
 
Cyber Attack to Turkey Dec 2015
Cyber Attack to Turkey Dec 2015 Cyber Attack to Turkey Dec 2015
Cyber Attack to Turkey Dec 2015
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Russia Ukraine war Cyberspace operations (2022-2024)

  • 1. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant Russia Ukraine War Cyberspace Operations In general In the ongoing Russian-Ukrainian war, Russia, in parallel with conventional operations, conducts a set of information operations which include psychological operations, cyber warfare operations and disinformation operations. In this type of operations, Social Media, telecommunications, mass media, and Internet providers play an important role in both disseminating information about the war and shaping public opinion. As far as the digital perspective of the conflict, it is tentative to characterize it as a high- intensity1 hybrid conflict2 in cyberspace, or better in the wider unified informational environment of which both cyberspace and the electromagnetic field are considered a part. Analysis 1 The so-called high-intensity conflicts are symmetrical conflicts involving armed forces that use modern, large-scale technological means. Practical examples that differentiate these conflicts from low-intensity conflicts are the absence or very limited use of organized guerrilla warfare, the use of nuclear or non-nuclear ballistic attacks, the deployment of unusually large forces (quantitatively and qualitatively) by sea, air and land (tanks, destroyers , bombers, etc.) and the declaration of war from one country to another. 2 Hybrid conflict is a type of conflict that combines many unconventional methods of warfare, such as disinformation, manipulation of public opinion, economic warfare, sabotage, terrorism, cyber attack, and guerrilla warfare. Actors involved in a hybrid conflict may include states, terrorist groups, militias, private companies and individuals. In hybrid conflict as the actors involved, often from increased complexity, may have different objectives and different methods of combat. It can be difficult to determine who is responsible for actions in a hybrid conflict, as the actors involved may use plausible deniability tactics to hide their involvement.
  • 2. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant Russian strategy in the broader information environment has been influenced by General Gerasimov's vision3 , as it was shaped by the evolution of the mode of conflict in the early 2000s between hybrid conflicts and a blurred fine line between war and peace. The new conflict perspective accepts that: • The form of wars is changing, and the new trend requires the strengthening of the influence on public opinion and civilian levers of pressure. • The knowledge of information environment and cyberspace, from a technical and tactical point of view, and its use as a lever of influence is now fundamental and imperative. Russia Russia is not talking about cyber security but for information warfare. As indicated by the evolution of the Russian vision of the conflict and the blurring of spatiotemporal boundaries between peace and war, as well as the evolution of modern conflicts towards a hybridization between conventional and unconventional levers of power, Russian elites see cyberspace as part of the wider information environment within which information superiority should be acquired and maintained. Therefore, they have created their own concept of what Westerners call "cyber security" under the name "information security". Apparently, the same logic carries over from the defensive side to the offensive side, where they refer to "information warfare" instead of cyber conflict. The Russian definition includes, in addition to the vision of classical cyber security, a psychological and a cognitive dimension which, with the help of technical means, can make it possible to control the information environment. The information environment is not a transit space but a space that must be controlled with a long-term perspective as it is a flexible space that allows influence in times of peace and dominance in times of war. This fundamental understanding of information warfare has expanded beyond the traditional Western approach to cyber security and is presented as follows by the Russian Ministry of Defense: "...Information warfare is a confrontation between two or more states in the information environment aimed at causing damage to information systems, processes and resources, critical and other structures, undermining political, economic and social systems, mass psychological manipulation of population to destabilize society and the state, as well as forcing states to make decisions in the interests of the opposing side...". Considering the above new understanding, Russia proceeded with the following basic steps: • Reorganized (quantitatively, qualitatively, institutionally) its cyber units into information operations forces capable of supporting a set of information activities through cyberspace. • Incorporated into its operational planning, private groups (hacktivist groups), to upgrade technical capabilities in the field of cyberspace and to address problems such as assigning responsibility for attacks on political targets or other countries outside of Ukraine. A typical example is the KillNet network, which consists of several hacktivist cyber groups of the same orientation and aims to: o Publicity, which allows them to wage a war of influence aimed at hurting the morale of the European population. o Strengthening the image that states that Russia could intervene even where it does not have troops. 3 This vision was confirmed by General Gerasimov in 2019 at the conference of the Academy of Military Sciences, where he emphasized the importance of hybrid tactics and knowledge of asymmetric warfare: “In modern conditions, the principle of waging war has been developed based on the coordinated use of military and non-military measures [...] our Armed Forces must be ready to conduct wars and armed conflicts of a new type using classical and asymmetric methods of action. Therefore, the search for rational strategies for waging war with various adversaries is of prime importance to the development of the theory and practice of military strategy.”
  • 3. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant o Strengthening the belief that European governments are not capable of protecting their infrastructure and citizens on all fronts and fields. o Concealing through publicity, the actions of infiltration groups constitute long- term threats (Advanced Persistent Threats-APT). • Enriched its arsenal with new types of cutting-edge cyberweapons (deletion software, ransomware, etc.), which are undetectable and capable of creating serious problems for opponents. Modus Operandi Russia plans, conducts, and coordinates the following operations, as part of an upgraded cyber- based information operations plan aimed at gaining information advantage in the broader information environment: • Initial contact operations on targets inside and outside Ukraine, with the aim of covertly penetrating information systems and the purpose of their subsequent attack and destruction or prolonged espionage and intelligence gathering. • Targeted attacks (mainly within Ukraine) using malicious data deletion software (wiper-type destruction malware), with the aim of destroying the targeted information systems and creating feelings of confusion and disorientation for decision makers. • Distributed Denial of Service (DDoS) attacks, with the direct effect of interrupting (for a certain time) the offered website services and indirectly creating appropriate psychological effects (fear, mistrust, etc.) in selected audiences. Attacks of this type aim for morale impact, attempting to create and maintain a sense of insecurity about systems and infrastructure among targeted populations by allowing sustained socio-political pressure to be maintained at low cost alongside a political or military conflict. It also gives a political advantage (“leverage advantage” system)4 , conducting aggressive retaliatory operations without diplomatically or militarily involving the state organizing the attackers. • Attempts to alter the content of websites (defacement), with the direct effect of altering their content and indirectly disorienting and misinforming their audiences. • Disinformation campaigns targeting different kinds of audiences: o The Russian population, aiming to maintain and support for the war. o The Ukrainian population to undermine their confidence in Ukraine's ability to resist Russian aggression. o The European and American public to cast doubt on Western unity against Russia and the importance of supporting Ukraine and dealing with domestic issues. • Collecting intelligence through infiltrating networks and targeting governments outside of Ukraine that are part of the coalition of countries supporting it. The main target is government agencies, followed by NGOs (either humanitarian groups involved in aiding the civilian population or think tanks providing foreign policy advice). Subsequently, several companies in critical sectors such as energy, defense or IT have been affected by Russian cyber-espionage aimed at supporting its war effort. 4 The "leverage" system refers to the use of some resource or mechanism in order to achieve better results and with greater impact than would be possible using only basic resources. In finance and business, the concept of "leverage" often refers to the use of financial instruments, such as loans, in order to increase the financial impact of an investment or business decision. In other words, using leverage allows a person or company to use a little money to make a lot more money by taking advantage of the ability to borrow. Leveraged advantage in cyber business refers to how a business can use technology and digital platforms to strengthen its competitive position and create benefits. In cyber, the concept of leverage refers to how businesses can use technology, data and digital platforms to enhance their operations, improve performance and create new opportunities. This may include the development of new technological solutions, the effective use of data for decision-making, and the integration of digital platforms to upgrade services and processes. By using leverage properly, cyber businesses can achieve a competitive advantage and enhance their ability to provide effective services and products.
  • 4. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant • Influence operations, much of which is conducted via the Internet and social media (SMS), which have regularly been enhanced through the links gained between cyber and hacktivist groups in the wider information environment. The new tactics are implemented in specific steps: o First, Russian influence groups are trying to weaponize the fact checking process to be able to spread the Kremlin's narratives. o Second, pro-Russian groups are constantly spreading information purportedly from leaks online targeting politicians and governments that support Ukraine. o Third, the Russian government and its associated entities often organize press tours throughout the occupied Ukraine in order to have international communication coverage from friendly media and to facilitate the achievement of communication goals. o Fourth, in addition to the operations targeting Moldova, Russia continues its influence operations in the Ukrainian region and across Europe to widen the audience divide, discredit pro-Ukrainian leaderships, and promote pro-Russian networks in these regions. Countries targets of Russian cyberattacks inside and outside Ukraine are: • Government Websites. • Media websites. • Banking system and financial institutions. • Military infrastructure • Critical infrastructure: Energy, water supply, transport. • Satellite communications. UKRAINE Although Ukraine has limited counterattack capabilities in the cyberspace domain, it has attempted to strengthen its cyber defenses through the following actions: • Reorganization and upgrade of state cyber security services. • Formation of an IT "army" with the participation of international volunteers. • Involvement of the entire Ukrainian cyber community in the country's cyber defense. • Public and Private Sector Partnerships. • External assistance which includes: o The exchange of cyber threat information. o The dispatch by the EU and friendly countries of teams to deal with cyber-incidents. o Participation of external hybrid actors (hacktivists) in cyber operations against Russia. In retaliation for the Russian attacks, Ukraine has launched a large number of denial of service (DDoS) attacks as well as data deletion attacks. Targets include Russian government targets, information systems of large Russian media companies, financial institutions, defense installations, power grids and railways. As part of the cyber counterattacks, independent hackers from around the world have intercepted and exposed Russian government and financial data, such as emails, information related to banking activities, energy production and propaganda activities as well as classified details regarding the Russian ED and the action of agents of the Federal Security Service (FSB). This sensitive information is then shared with global activists as a way of punishing Russia for its crimes in Ukraine. A side effect of the hackers' recent activities is their success in wreaking havoc on Russian cyber systems and shattering the perception of Russia's impregnable cyber defenses. European Union
  • 5. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant In its resolution of 1 March 2022, the European Parliament called for the immediate and full implementation of all decisions that would improve the EU's contribution to strengthening Ukraine's defense capabilities, including cyber security. In addition, the Parliament urged the EU, NATO and other like-minded partners to step up their assistance to Ukraine in the cyber field, while calling for the full activation of the EU cyber sanctions regime against individuals, entities and bodies responsible for or involved in cyber-attacks against Ukraine. EU actions can be summarized as follows: • Enhancing the resilience of the communications infrastructure. Keeping Ukraine's telecommunications services operational is critical to ensuring the normal functioning of the Ukrainian government, as well as alleviating the humanitarian crisis. • Ban Russian propaganda in its war against Ukraine. Combating war propaganda and disinformation is a particularly pressing issue in Russia's war • Strengthening the EU toolbox against disinformation. There are already proposals to increase the funding of Task Force East StratCom and to expand the EU's early warning system on disinformation to cover Ukraine and other interested parties. • Support Ukraine's fight against cyber threats. A cyber rapid response team of EU experts has been deployed for this purpose. • Strengthening the EU's cybersecurity capabilities. Further initiatives to ensure the resilience of Europe's electronic communications infrastructure and networks have been announced, including more cooperation at operational level, a future cyber resilience act and the creation of a contingency fund for cyber security. • Limit Russia's access to dual-use technologies. The EU sanctions adopted on February 25, 2022 are primarily intended to limit Russia's access to critical advanced technology. Dual-use technologies – specifically those that can be used for both peaceful and military purposes – such as semiconductors or cutting-edge technologies, radio communication technology and crypto-assets, must not be sold or otherwise provided for use in Russia or a Russian entity. CHINA It is now known that Chinese hackers are carrying out cyber attacks against Ukraine, although we can only speculate as to whether these (attacks) had any kind of state support. It is also known that Chinese hackers taking advantage of the current conflict are carrying out cyber operations against Russia as well. The two-way relationship between China and Russia in the wider information environment and especially in the field of cyberspace is implemented in two operational axes: • Conducting cyber operations (attacks) before and during the Russian-Ukrainian conflict. • Redoubling targeting and penetration efforts on both Ukrainian and Russian targets. Key Points-Conclusions-Lessons Lateralization and spreading risks.
  • 6. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant The interconnectedness of information systems and the involvement in the cyber-operations of independent hacktivist cyber-groups, with little or no state control, increases the risks of the spread of cyber-attacks or their results beyond Ukraine. The threat of cyber attacks on European soil has two aspects:  First, attacks against Ukrainian networks could spread to European networks.  Second, Russia could choose to launch direct attacks on European targets through its intelligence services or cyber-criminal groups in order to disrupt Western actions in the Ukraine crisis. Major Attacks and High Intensity Conflict In the event of an escalation of the means applied and the radicalization of the conflict, the intensity of business in the wider information environment and in particular in cyberspace may also increase and therefore it is important, first of all, to return to the characteristics that it possesses, and allows under certain conditions , to propose solutions where conventional means may be limited. The issue of pre-positioning When setting credible scenarios, the issue of preemption is essential because it allows Russia to define a precise location for an attack on an organization, thus maximizing tactical and strategic results. To prevent effective pre-positioning of Russian actors on Ukrainian systems, the US is conducting defensive strike actions to disable the offensive capabilities of the Russian threat that have already compromised Ukrainian infrastructure. Malware as a service (MAAS) It should be noted that today cyberweapons do not have to go through all the production phases as in recent years almost everything is available as "as-a-service". In recent years, the possibility of acquiring "malware as a service" (MaaS-Malware-as-a-Service) or "cybercrime-as-a-Service" (CaaS- Cybercrime-as-a-Service) has emerged. Malicious Network Control & Management as a Service Command & Control as a service (C2aaS) "Malicious Network Control" (C2aaS-C2 as a Service) services are becoming increasingly available in the market. These services are designed to give technically inexperienced actors with few resources the ability to launch primarily distributed denial of service (DDoS) cyberattacks. Such a service offers a fleet of malicious computers (bots) to be used in attacks (DDoS). These capabilities suggest that the number of cyber-actors in the Russian-Ukrainian conflict could increase along with the capabilities of these low-cost services. Hacker for hire (Hacker for Hire or hacker-for-hire proxy or Hacker as a Service-Haas) Russia's choice to use hacker-for-hire proxies to pursue its tactical and strategic goals allows it to maintain a high level of denial of responsibility for its actions. Risk of conflict escalation in the space field Satellite infrastructures are essential systems in wartime as they allow the coordination of ground troops through imagery and telecommunications, in this light, disrupting the adversary's
  • 7. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant satellite infrastructure during operations allows significant tactical advantages to be gained in the military field. Russia has anti-space or anti-satellite-ASAT capabilities, both kinetic (e.g. missiles, lazer systems, etc.), and non-kinetic (US, cyber weapons), capable of causing physical and virtual reversible and targeted damages making attribution complex. Russia's military leadership views cyber weapons as a substitute and/or complement to Electronic Warfare weapons, implying their possible use together in an operation (a US operation could precede a cyber-attack on a system based on space and vice versa. Military sector Key observations and conclusions Cyber attacks are capable of disrupting command and control (C2C) systems, which are critical to the coordination and conduct of military operations. Attackers have the ability to infiltrate such systems and interfere with communications to disrupt the decision-making process. Cyber-attacks against the military sector can lead to the exposure of coordinated forces, leakage of military traffic and/or planned offensive/defensive action data, making the protection of the military sector critical to protecting personnel, equipment and gaining/maintaining superiority against the enemy. Ukraine's military cyberspace is a high-intensity battleground with ongoing threats and attacks, originating from different actors and different countries, mostly aimed at stealing data, conducting espionage, and destroying assets in an effort to create an immediate and indirect impact on Ukraine's ability to fight. Ukraine had to significantly accelerate the development and strengthening of its cyber capabilities in the military sector with new capabilities that upgrade "traditional" cyber defense solutions: • A separate unit within the military structure responsible for cyber defense, capable of conducting intelligence acquisition activities, cyber operations, cyber information operations. • Establish a mechanism to attract the necessary number of experts to repel cyber aggression. • Ability to quickly create new secure communication channels, software solutions. • Rapidly investigate new threats, deliver research results to cybersecurity entities as well as produce, review and edit incident response plans. • Establishing constant communication with foreign partners from military and commercial sectors. • Adaptation of rapidly developing cyber-protection systems to existing legislation and regulatory directives. • Although not specific to cyber defense, rapid deployment of GSM/4G communication towers is recommended in case of military conflict or natural disaster. These are self-propelled (generator) vehicle-mounted communication towers that span locations suffering from power outages and provide voice and data communication via satellite or line-of-sight link, and can cover a range of 3-6 km. Digital services in support of the war effort Traditional communication and information channels (television, radio, news, etc.) are still important but do not allow rapid warnings of dangerous events, such as airstrikes or artillery strikes, natural disasters and cyber threats. There is also a significant need for different kinds of feedback from the population, such as information about enemy military units in occupied territories, damaged critical infrastructure, etc. Mobile internet, various messenger systems, special mobile applications, are some modern digital services. , who can best serve in this role. On the other hand, the introduction of digital services increases the risk of cyber threats, both to the services and to their users. Here are several examples of digital services that have been created in Ukraine in support of the war effort:
  • 8. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant SERVICEs SERVICE DESCRIPTION National roaming National roaming made it possible to connect to the network of other operators if the connection was lost. Emergency Population Warning System The new notification system works on the basis of Cell Broadcast technology, which has significant advantages over SMS notification: faster receipt of notifications, flexibility in choosing locations to be notified and the presence of an audio signal even if the sound on the subscriber's smartphone is turned off. It is not necessary to install anything specific on the phone - all Ukrainian users can receive the signals Telegram bot Owned by the Security Services of Ukraine @stop_russian_war_bot, created by the SSU at the beginning of the large-scale invasion of Russia to allow people to send alerts about enemy troops and vehicles, their locations, movements, war crimes, collaborators, etc. On October 18, 2022, it was reported that the bot had received over 100,000 messages from Ukrainians. This helped destroy hundreds of units of enemy military equipment and even eliminate several Russian generals. Interactive map of the territory The State Emergency Service of Ukraine has developed an interactive map of areas potentially contaminated with explosives. This map shows the locations where explosive devices have already been found or are likely to be found and the level of threat they pose, according to information available to the State Emergency Service (detection error is up to 30 meters). There is also a corresponding app for mobile phones (both Android and iOS) with an interactive map, as well as recommendations on how to detect dangerous objects, safety instructions, etc. It also contains an alert function with an instant signal if the person enters the red zone. eVorog Βοτ Telegram bot developed by the Ministry of Digital Transformation of Ukraine, fully integrated with Diia (Ukraine digital service) and advanced functionality to detect: • Enemy equipment and troops. • Activities of pro-Russian partners. • Explosive or suspicious objects. • Photos/videos of Russian military personnel in demilitarized settlements. єППО An air raid prevention warning system. Ukraine has created a mobile phone application that will help air defense units fill in radar information about aerial targets for their subsequent destruction. How the application works: if a person visually detects an aerial target, for example, a missile or a kamikaze drone, he must open the єППО application on his smartphone, select the type of aerial target, point his smartphone in the direction of him, aim at him and press the big red button. In this way, the data of the target (position, type, etc.) end up directly in units of the Ukrainian Air Defense. Ukraine has demonstrated expertise with the widespread use of digital technologies to ensure stable communications between the population and state management bodies and vice versa during the crisis period. Communication methods demonstrate the importance of the population's sustainable access to communication services and the internet, as well as informing all citizens of any potential threats, thus allowing them to assist the armed forces in locating the enemy. Each country or alliance should consider having a well-developed, tested and reliable public communication and early warning system. It is also worth noting that a stand-alone system is not sufficient in today's complex communication landscape, and for this reason state security agencies and state government agencies should maintain an online presence within such networks as Signal, Telegram, Twitter and other. The key point is that accounts on such platforms must be verified and trusted. Trust and confidentiality in such accounts must be at a high level to avoid impersonation or misinformation. General Conclusions
  • 9. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant The use of cyberspace as a field for conducting operations actually first started in 2007 with the cyber attacks in Estonia, continued with the attacks in Georgia in 2008 where cyber attacks and cyber influence operations were used alongside conventional operations. The full integration of such operations into the entire military effort occurred during the war in Ukraine, where cyber operations played, and continue to play, an important role even before the start of conventional operations, crippling the offensive and defensive capabilities of the adversary, thereby affecting his morale. Actions in cyberspace on the part of Russia had as their main objective the support of conventional, mainly ground operations, but also the creation of appropriate psychological effects on specific target audiences. According to the statistical report of the State Cyber Protection Center of Ukraine, in 2022 there were 2.8 times more cyber incidents than in 2021. The number of cyber incidents related to the spread of malware and information recovery increased by 18.3 and 2.2 times respectively. The number of detected incidents related to Russia increased by 26%. In 2022, 2194 cyber attacks were detected and officially investigated (1655 as of February 2022). Russia's aggressive cyber operations, along with electronic warfare, have failed to disrupt Ukraine's command and control (C2) system and its critical private and public infrastructure for an extended period of time. Ukraine, with the help of private companies and Western governments, has managed not only to mitigate the majority of cyber-attacks against its infrastructure but also to develop offensive cyber-capabilities of its own. The biggest cyber threat to Ukraine is the hacker groups associated with the FSB, the GRU and the SVR. To a lesser extent, financially motivated hacker groups and pro-Russian hacktivist groups also pose a threat. The most active hacking groups are Sandworm, APT28, EmberBear, Turla, Gamaredon, Calisto and APT29, while KillNet, NoName057, People's Cyber Army, Xaknet Team and RaHDit are the most active pro-Russian hacktivist groups. Findings in the Field (Cyberspace) The two years of war in Ukraine have provided several conclusions regarding the use of cyber capabilities during a conventional conflict: • Russia developed and exhausted its initial cyber capabilities shortly before and during the invasion on February 24, 2022. Russian cyber operations aimed to undermine Ukraine's military operations, economic and government sectors, gain access to critical infrastructure as well as in denying the public access to the information. Many attacks targeted Ukraine's critical infrastructure with the aim of disrupting its operations. • Russian cyberattacks have failed to create a serious long-term problem in Ukrainian critical infrastructure. • The Russians focus mainly on Distributed Denial of Service (DDoS) attacks, propaganda and defamation operations, and phishing operations. As a result, Ukraine pays more attention to the specifics of such attacks. • Russia is trying to find new allies to help it in its cyber/military operations, which will potentially create more damage as it tries to achieve its goals, possibly turning to China who hopes to take an active part in the geopolitical situation in Europe. • It is almost certain that Russian state-sponsored cyber threat actors will continue their activities in furtherance of the Russian military's strategic and tactical objectives in Ukraine.
  • 10. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant • Although Russian cyber-activities are mainly focused on targets in Ukraine, there is a high possibility that the attacks will be transferred-expanded (diffusion) to Europe and the countries that support Ukraine. • Given Russia's focus on destroying or creating a significant problem in Ukraine's critical infrastructure, it is safe to assume that cyber operations are and will be used in the future within cross- sectoral operations planning in support of conventional mobile warfare operations. • Ukraine managed to limit the damage to its infrastructure by moving many of its services to cloud infrastructure outside the country. After each cyberattack, Ukraine's infrastructure systems became less vulnerable. Initially, although defense was the main priority in infrastructure protection, over time it has changed to an offensive strategy. • Cooperation between institutions, organizations and states is a critical factor in maintaining infrastructure protection at a high level. • Cyber security is no longer a matter for experts. In every country, people are the first line of defense against cyber attacks. • Defense against a military invasion requires for most countries the ability to export and distribute their digital operations beyond their borders to other countries. • Russia from the beginning of the conflict targeted Ukraine's information infrastructure with both conventional (missiles) and digital means (wipeware). However, Ukraine has managed to move and thereby protect a large part of its civil and military digital infrastructure to cloud hosting mainly outside the country. • Recent advances in cyber threat intelligence and end-point protection have helped Ukraine counter a large percentage of Russia's devastating cyber attacks. In today's conflict, Russian cyberattacks are different from those seen in 2017 with the case of the NotPetya malware. In this particular attack (2017) destructive malware was used which had the ability to spread uncontrollably across interconnected systems within and outside the country. Today's Russian attacks have seen a reduction in the spread of malware outside of Ukraine while increasing the effort to synchronize cyber-attacks with the corresponding conventional operations. Defenders' use of artificial intelligence (AI) threat intelligence processes as well as endpoint protection solutions enabled the rapid distribution of software/protection code to detect and counter attacks. • As a coalition of countries has assembled to defend Ukraine, Russian intelligence services have stepped up efforts to spy and infiltrate information networks targeting allied governments outside Ukraine. Infiltration actions have been detected in 128 organizations in 42 countries outside of Ukraine. The main target are countries that support Ukraine such as: the USA, Poland, the Baltic countries, Denmark, Norway, Finland, Turkey as well as other NATO countries. The list of targets in these countries includes government infrastructure, think tanks, humanitarian organizations, IT companies, energy and critical infrastructure and their support companies. • In conjunction with existing cyber activities, Russian agencies are conducting corresponding global cyber influence operations in support of its war effort.
  • 11. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant These operations combine tactics developed decades ago by the KGB with new digital technologies and the Internet to give influence operations greater geographic coverage, speed, adaptability, more precise targeting, and greater power. Such enterprises with sufficient planning and know-how can take advantage of the immediacy and breadth of democratic societies. The Russians focused their influence operations on four target audiences: o Russian population: Continued support of the war effort. o Ukrainian population: Undermining confidence in the country's will and ability to resist Russian attacks. o American and European audiences: Undermining Western unity and deflecting criticism of Russian war crimes> o non-allied audience: To maintain support for Russia in the UN and other organizations. Russian cyber influence operations are directly linked to tactics created for other types of cyber operations such as the Advanced Persistent Threat-APT (Advanced Persistent Threat-APT) tactics of the Russian intelligence services, the Advanced Persistent Manipulation-APM (APM) teams associated with government agencies and operate through Social Media and digital platforms. These cyber-influence companies planted narratives in much the same way that other cyber- enterprises planted malware on information systems. They then launched a broad and simultaneous "reporting" of the specific narratives from websites that were under the control of the Russian government while being magnified through Social Media exploitation tool technologies. Recent examples include narratives surrounding biolabs and multiple attempts to cover up military attacks against Ukrainian civilians. Russian cyber influence operations are estimated to have successfully increased the spread of Russian propaganda since the start of the war by 216% in Ukraine and 82% in the United States. • Lessons from Ukraine require a comprehensive and coordinated strategy to strengthen defenses against the full range of cyber operations whether they manifest in the form of destructive cyber attacks, cyber espionage or influence operations. While there are key differences between the above operations, the Russian government views them as part of a broader information operation which, while having its own objectives and goals, is in full sync with conventional operations. This new reality requires a completely different approach to dealing with and preventing such threats. The prevention of such threats should in principle be based on the following assumptions: o Russian cyber threats are promoted by a common set of actors (groups, agencies, etc.) inside and outside the Russian government who use similar digital tactics. As a result, advances in both digital technology, artificial intelligence and data management will be needed to address them. o Unlike the traditional threats of the past, responses to these types of cyber attacks must be based on greater public and private collaboration. o There is a need for close and joint multilateral cooperation between governments to protect open and democratic societies. o Defense doctrine should support free expression and avoid censorship in democratic societies, even as new steps are needed to address the full range of cyber threats that include cyber influence operations. The Future Given the growing close cooperation between Russia and China and the latter's effort to upgrade its geopolitical position, an increase in the espionage activities of Chinese cyber groups, such as e.g. APT27, APT30, APT31, Ke3chang, Gallium and Mustang Panda, against EU and NATO member states, alongside ongoing threats from politically motivated Russian cyber groups.
  • 12. Russia Ukraine War: Cyberspace Operations Papadakis Konstantinos, Cyber- Information Warfare Analyst & Cyber Defense/Security Consultant Given the significant experience and capabilities of Russian special services, it is also important to protect data storage and transmission infrastructure and network equipment from unauthorized access and software that could allow attackers to gain remote access to target systems. The future will see an ever-increasing investment in both defensive and offensive cyber capabilities, which is necessary to mitigate security risks. Organizations can significantly reduce their vulnerability to cyber attacks by implementing strong cyber security measures such as firewalls, intrusion detection systems and employee training programs. Additionally, having a comprehensive cyber defense strategy can help minimize the impact of a successful attack. Investing in cyber defense is essential self-defense for businesses and governments against the growing threat of cyber attacks. The cost of a successful attack can be devastating, and the risks are growing as our world becomes more digital. The technology revolution has reached even the most everyday people around the world, and cyber threats have followed. Cyber security is no longer just for professionals. People are the first line of defense against cyber attacks in any country. They are often the first point of contact with potential threats, and their actions can either increase or decrease the likelihood of a successful attack. Educating people about the risks and using best practices can help prevent attacks and minimize damage if an attack is successful. From providing information through state and private media such as television and radio, to education and training in schools and universities, cyber awareness and defense must be taught and trained. The recent explosion of artificial intelligence (AI) technology has the potential to be a game changer in cyber warfare. Artificial intelligence is already being used in cyber defense to identify and respond to threats more quickly and effectively, but it may well be used by attackers to conduct sophisticated cyber attacks. One way in which artificial intelligence can be deployed in cyberwarfare is through the use of Machine Learning-ML Algorithms to detect patterns and anomalies in network traffic. It could ensure real-time detection and response to threats and improved speed and accuracy of cyber defense. Another potential use of artificial intelligence in cyberwarfare is the development of autonomous malware that can adapt and evolve in response to changing conditions. It could conduct cyber attacks, it would be harder for defenders to detect and counter. Overall, while AI has the potential to be a powerful tool for cyber defense, it also poses significant challenges for those working in the field. As such, it will be important for cybersecurity professionals to develop new strategies and tools to address the threats posed by artificial intelligence in cyberwarfare.