The orders are issued like clockwork. Every day, often around 5 a.m. local time, the Telegram channel that hosts Ukraine’s unprecedented “hacker army” broadcasts a new list of targets. The group of volunteers has been taking Russian websites offline using wave after wave of distributed denial-of-service (DDoS) attacks, which have flooded websites with traffic requests and made them inaccessible, since the war began.
Russian online payment services, government departments, airlines and food delivery companies have been attacked by the hacker army as it seeks to disrupt daily life in Russia. “Russians have noticed common problems in the work of television broadcasting services today,” government-backed Telegram channel operators reported after a claimed operation in mid-April.
The actions of the computer army were just the beginning. Since Russia invaded Ukraine in late February, the country has faced an unprecedented barrage of hacking activity. Hacktivists, Ukrainian and foreign forces from around the world involved in the cyber army have focused on Russia and its businesses. DDoS attacks make up the bulk of the action, but researchers have detected ransomware designed to target Russia and have been looking for bugs in Russian systems, which could lead to more sophisticated attacks.
The attacks on Russia contrast with recent history. Many cybercriminals and ransomware groups have links to Russia and do not target the nation. Now, it is opening up. “Russia is usually considered one of those countries where cyberattacks come and go,” said Stefano De Blasi, a cyber threat intelligence analyst at security firm Digital Shadows.
At the beginning of the war, DDoS was relentless. Record levels of DDoS attacks were seen during the first three months of 2022, according to analysis by the Russian cybersecurity company Kaspersky. Both Russia and Ukraine used DDoS to try to disrupt each other, but efforts against Russia have been more innovative and protracted.
Ukrainian technology companies transformed the puzzle game 2048 into an easy way to launch DDoS attacks and have developed tools that allow anyone to join the action, regardless of their technical knowledge. “The more we use attack automation tools, the stronger our attacks,” says a message sent to the IT Army Telegram channel on March 24. Channel operators are urging people to use VPNs to disguise their location and help get around their targets’ DDoS protections. In late April, the army launched its own website that lists whether its targets are online or have been taken down and includes technical guides. (The Army did not respond to a request for comment.)
“We’ve had some great successes and a lot of websites don’t work,” says Dmytro Budorin, CEO of Ukrainian cybersecurity startup Hacken. When the war broke out, Budorin and his colleagues modified one of the company’s anti-DDoS tools, called disBalancer, so that it could be used to launch DDoS attacks.
Although Kaspersky’s analysis says that the number of DDoS attacks worldwide has returned to normal levels as the war progresses, the attacks last longer, hours instead of minutes. The longest lasted more than 177 hours, more than a week, its researchers found. “The attacks continue regardless of their effectiveness,” says Kaspersky’s analysis. (On March 25, the US government added Kaspersky to its list of threats to national security; the company said it was “disappointed” with the decision. Germany’s cybersecurity agency also warned against the use of Kaspersky software on March 15, although it did not go so far as to ban it. The company said it believed the decision was not made on a technical basis.)
Budorin says DDoS has been useful in helping Ukrainians contribute to the war effort in ways other than fighting, and says both sides have improved their attacks and defenses. However, he admits that DDoS does not have a big impact on the war. “It doesn’t have much effect on the ultimate goal, and the ultimate goal is to stop the war,” says Budorin.
Since Russia began its large-scale invasion, the country’s hackers have been caught trying to disrupt Ukraine’s power systems, deploy wiper malware, and launch predictable disruptive attacks against the Ukrainian government. However, Ukrainian officials now say they have seen a drop in activity. “Quality has declined recently as the enemy cannot prepare as much as it could,” said Yurii Shchyhol, head of the Ukrainian cybersecurity agency, the State Service of Special Communications and Information Protection, in a statement on April 20. “The enemy now has more time to protect itself, because it turns out that its systems are also vulnerable,” Shchyhol said.