24 July 2024

Russia shifts its cyber activities to Ukraine’s frontlines


Russia's cyber activities in Ukraine have moved from strategic civilian targets to tactical military objectives, according to a recent report by the Royal United Services Institute (RUSI).

The change aligns with Russia's anticipated summer offensive aimed at reclaiming territory lost during Ukraine's 2023 counter-offensive.

Multiple Russian cyber units, including the GRU and FSB, have adapted their strategies to focus on Ukrainian military computers and mobile devices, aiming to provide battlefield advantages. This adaptation marks a departure from their initial strategy of targeting Ukrainian critical infrastructure to exert societal pressure, which was more prevalent in the early stages of the invasion.

“Beyond targeted efforts to gain access to devices and systems used by Ukrainian soldiers, Russia has also reoriented its cyber forces to help locate Ukrainian military equipment and positions,” the report said.

Russia's intelligence services have streamlined their previously disjointed cyber efforts, integrating cyber and conventional capabilities to enhance their military effectiveness. Despite the shift, some operational activity still targets Ukrainian infrastructure, likely in preparation for future sabotage.

Russian cyber efforts now focus primarily on penetrating frontline devices used by Ukrainian soldiers, exploiting data-driven combat strategies and secure messaging applications like Signal. Methods include malware disguised as military apps and social engineering to link soldiers' accounts to Russian-controlled instances of messaging apps.

Additionally, Russia targets Ukrainian command-and-control systems, tricking soldiers into divulging credentials to access battlefield management systems. They also utilize compromised webcams and other surveillance methods to locate Ukrainian military equipment and positions.

“We should also be prepared for Russia’s new operational concepts to proliferate outside of Ukraine,” the report warns. “Today, Signal and other EMAs have become standard practice for sensitive communications. These applications see ubiquitous use by Western militaries, politicians, civil-society groups, and other common targets of Russia’s intelligence services. Russia's war-focused tactics could therefore reasonably see wider use to fulfil other urgent intelligence requirements, such as the collection of foreign political intelligence from Ukraine’s partners, or in potential efforts to influence one of the many consequential Western elections on the horizon.”
