The lack of spectacular attacks does not mean that the tension has subsided in cyberspace. Russia continues to carry out espionage operations against Ukraine and all of its allies.
The cyberapocalypse has not happened, but the great fight against espionage is daily. Politicians and the population imagined that the war launched by Russia would be accompanied by the extinction of power plants and government platforms – it was not.
That’s not to say the Kremlin hackers didn’t attempt to take down Ukraine’s computer network, but just like on physical battlefields, they faced a stronger shield than they did. imagined.
The logistical support provided by tech giants like Microsoft, BitDefender and the US government has made it possible to detect threats and attempted attacks much faster. Faced with this wall, Russian hackers changed their strategy in the fall of 2022, favoring cyber espionage over data destruction. Thus, while wiper attacks – malware intended to erase all data – were numerous during the first half of 2022, this method was used less from September.
Bursts of emails and booby-trapped messages
Questioned this fall by Numerama, Bogdan Botezatu, director of threat research for BitDefender, already indicated that “ activity remains very intense, but cyber espionage campaigns will be favored in an attempt to capture information on Ukrainian strategies and communications with NATO forces. »
Major cybersecurity companies have detected various cyber espionage campaigns that confirm the reversal of tactics. In late August, the Gamaredon group, Russian intelligence hackers, launched a phishing campaign targeting Ukrainian government employees. The Talos Group has identified Word documents sent by email and claiming security info contained malware to steal the data.
From November to December, the company Trellix has found a salvo of fraudulent email twenty times higher than the norm, after a massive campaign impersonating several Ukrainian government departments.
At the end of the year, Sekoia unveiled an operation by the Calisto collective against several Western military equipment and logistics companies based in Ukraine. NGOs documenting war crimes have also been targeted.
Europe and the United States targeted
The offensives have multiplied at the start of 2023. In January, Ukrainian cybersecurity services detected a fake email campaign from the National Health Service. The malware deployed by the Nodaria group is intended to “ grab credentials, screenshots and files “. Gameredon is back in the same period with booby-trapped messages sent to Ukrainian officials this time by Telegram, a privileged network in Eastern countries. Applications have even been developed and provided to Ukrainians to check for spyware on their smartphones.
Ukraine is naturally the first target, but the country being dependent on NATO members for its armament, Russia is also trying to infiltrate the networks of all the main supplier countries. So, in a Google report published on February 16the group states that “ targeting of users in NATO countries increased by more than 300% in 2022. »
The voltage is therefore constant for the American and European networks. The term cyber warfare can be misleading, as the general public imagines combat through computers. In fact, these are operations lasting several months to infiltrate computer systems. The attack is silent, but the damage behind is clearly visible.
If you liked this article, you will like the following ones: do not miss them by subscribing to Numerama on Google News.
