Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat.
Some team members were soldiers with the US Army’s Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years.
The US had been helping Ukraine bolster its cyber defenses for years, ever since an infamous 2015 attack on its power grid left part of Kyiv without electricity for hours.
But this surge of US personnel in October and November was different: it was in preparation of impending war. People familiar with the operation described an urgency in the hunt for hidden malware, the kind Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion.
Experts warn that Russia may yet unleash a devastating online attack on Ukrainian infrastructure of the sort that has long been expected by Western officials. But years of work, paired with the past two months of targeted bolstering, may explain why Ukrainian networks have held up so far.
Officials in Ukraine and the US are careful to describe the work of the “cybermission teams” as defensive, compared with the billions of dollars of lethal weapons that have poured into Ukraine to fight and kill Russian soldiers.
Russian attacks have been blunted because “the Ukrainian government has taken appropriate measures to counteract and protect our networks,” said Victor Zhora, a senior Ukrainian government official.
Microsoft engineers detected and reverse-engineered a newly activated piece of malware, Microsoft President Brad Smith has said in a blog post.
Within three hours, the company issued a software update to protect against the malware, warned the Ukrainian government about the threat, and alerted Ukraine about “attacks on a range of targets,” including the military. On the US government’s advice, Microsoft immediately extended the warning to neighboring NATO countries, said a person familiar with the late-night decision.
“We are a company and not a government or a country,” Smith wrote, but added that Microsoft and other software makers needed to remain vigilant against a repeat of what happened in 2017, when malware attributed to Russia spread beyond the borders of the Ukrainian cyber arena to the wider world, disabling computers at Merck, Maersk, and elsewhere and causing $10 billion of damage.
So far, experts who have watched the Russian cyber assaults have been puzzled by their lack of success, and by a tempo, intensity, and sophistication lower than what Russian-government hackers are known to be capable of.
Ukrainian defenses have proved resilient, said one European official who was briefed this week by the Americans at a NATO meeting, and Russian offenses have proved mediocre. He said the reason was that, so far, Russia has held back its elite corps in the cyber arena, much as it has on the battlefield, perhaps by underestimating the Ukrainians.
One example, he said, was the fact that instead of communicating solely through encrypted military-grade phones, Russian commanders are sometimes piggybacking on Ukrainian cell phone networks to communicate, at times simply by using their Russian cell phones.
“The Ukrainians love it—there is so much data in simply watching these phones, whether or not they are using encrypted apps,” he said.
The Ukrainians then block Russian phones from their local networks at key moments, further jamming their communications. “Then you suddenly see Russian soldiers grabbing cell phones off Ukrainians on the street, raiding repair shops for sims,” he said. “This is not sophisticated stuff. It’s quite puzzling.”
© 2022 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.