Is Russia Waging a Digital War Against Ukraine?

There is already a lot of political unrest between Russia and Ukraine, and amidst this stress, there are emerging news reports about Russian hackers breaking into Ukraine’s network. Several computers in the Prime Minister’s Office in Ukraine have been infected with a cyber espionage malware that is being linked to Russia.


Photo: Creativa / Shutterstock

News of this espionage campaign is doing the rounds as tensions grown among the western world and Russia over the issue of Ukraine. The EU and US officials have enacted some disciplinary economic sanctions against Moscow, and they have all received retaliation from the Kremlin. The Russian troop activities on the Ukrainian border have also continued without a break.

Cyber espionage has affected embassies of other countries as well. Some countries that were affected by this attack include China, Germany, Belgium, and Poland, with the attackers successful in getting access to sensitive diplomatic documents.

The attack was uncovered by intelligence sources, including the security firm, Symantec. Reports show that the attack was planned using the Snake malware. Also known as Ouroboros, the ancient serpent of Greek mythology that swallows its own tail, Snake is a highly-targeted piece of malware.

Reports also show that the primary target of this attack was Ukraine. The operation was extremely well-planned and used the latest resources, which hints towards the involvement of a state-backed hacker group that is controlled by an intelligence department or military.

A History of Attacks

Earlier this year, there was a cyber attack on the communication channel in Ukraine. Some telephone and Internet services were disrupted after the Russian forces took control over airfields in Crimea. There was also an attack on the phones of Ukrainian parliament members.

Symantec said in its report that the campaign has infected 60 computers in the Prime Minister’s Office of a former member of the Soviet Union, and the espionage campaign involving the Snake malware started in May 2012. It has been uncovered only now, while the campaign is still ongoing.

Some senior officers from NATO member states opine that the “former member of Soviet Union” is Ukraine. They believe that Russia has been following aggressive strategies against Kiev, and this includes a digital war as well. Snake came into the limelight earlier this year, and since then, security analysts have built up its profile and understood how it can be used as an espionage weapon.

There are other state-backed and sophisticated malware tools like Stuxnet that was used by Israel and the US to interrupt the uranium enrichment facilities of Iran; however, Snake is much more precise than Stuxnet.

Peter Roberts, a former military intelligence expert, said that Snake is spreading in a very interesting pattern. While a normal virus spreads in an uncontrolled way, Snake is highly targeted. It focuses on just the defense, military systems, and the major government industries in a planned way.

With the way Snake is spreading and the targets it has chosen, there is a high probability that is generated by Russia, said Roberts. Although it cannot be said with certainty, all clues do point towards Russia, as the networks and individual computers infected by the malware seem to be carefully selected by the operators of Snake. Symantec’s research says that Snake works over several stages, finding the right target to attack.

Espionage in Eastern Europe began with Snake infecting 85 prominent government websites that were visited regularly by government employees and defense industry personnel. The first level of targeting was done when the visitors to those prominent websites were asked to upgrade to the latest Shockwave player. Thousands of visitors promptly upgraded, and their details were collected by the operators of Snake.

The second targeting level involved monitoring the IP addresses of users, and tracking the ones that belonged to government services or other organizations of interest.

The targeted individuals were then infected with a preliminary malware called wipbot. The malware helped Snake operators find out the position of their victim in their respective department. This helped the attackers plan a full-fledged attack in the form of Snake. The attack targeted specifically those individuals whose computers contained the most valuable and sensitive information.

Snake operators are not interested in a one-time hit. They want to penetrate the targeted systems and scan through them to find all pieces of any diplomatic information they can find. It is due to this nature of the malware that experts strongly believe that Russia is involved in these attacks.

Symantec also reported that the relevant authorities across Europe have been informed of the latest findings.

For now, it cannot be said for sure if Russia is actually behind these attacks, although there are strong indications towards its hand in the entire espionage campaign.