During the Ukrainian war, there have been no cyber attacks with devastating damage so far.
Düsseldorf, Berlin, San Francisco The incident raised the worst expectations. A few days after Russia’s attack on Ukraine, a cyberattack shut down parts of the Viasat satellite network – with the result that energy companies such as Enercon could no longer control thousands of wind turbines. The Federal Office for Information Security (BSI) warned of dangers for “high-value targets”.
But there have been no cyber attacks with devastating damage, at least so far. While Russia is acting more and more brutally militarily in the war against Ukraine, it remains unexpectedly calm on the cyber front.
Although IT security experts continue to see the activities of Russian state hackers, there is no large-scale campaign on facilities in the West. To facilitate the corporations, authorities and ministries.
However, there is no reason to relax, warns Haya Shulman, professor of computer science at Goethe University in Frankfurt and head of the department at the Fraunhofer Institute. “According to findings from the United States, Russian intelligence services have access to critical infrastructures in the United States and Europe.“
If the regime wanted to, it could attack at any time – and then there would be great danger. According to the IT security expert, Germany is no better positioned than Ukraine: “We are very vulnerable.“
Russia has repeatedly proved that its state hackers can wreak havoc – especially in conflict zones. So, a few years ago, Russian groups sabotaged the power grid of Ukraine. The regime sees disruptions caused by cyberattacks as “a means of foreign policy pressure to influence the decisions of other countries, as well as a deterrent and military means,” according to a report from the Office of the Director of National Intelligence, who coordinates the US intelligence services.
Russia is also launching cyber attacks in the war against Ukraine – the Ukrainian Cybersecurity Center (Cert) counted a total of 60 at the end of March. According to a report, these are primarily aimed at the government, local authorities and the military, but partly also at the economy.
For example, a large-scale outage recently occurred at the telecommunications service provider Ukrtelecom. In most cases, however, the attacks are not successful, the organization emphasizes.
“Russia underestimated Ukraine”
However, outside the war zone, it seems that the Russian hackers are hardly active so far – contrary to expectations. “Since the beginning of the Russian attack on Ukraine, there have been few additional unrelated IT security incidents in Germany so far, but they have had only isolated effects,” the Federal Office for Information Security (BSI) said on Handelsblatt inquiry.
The authority includes the consequential failure of the satellite network Viasat. Also – averted – DDOS attacks, in which online services are overloaded with numerous senseless requests, had been recorded. All in all, however, the fear that Russia is wreaking havoc has not come true so far.
Matthew Olney, head of the “Threat Intelligence” division at Cisco Talos, sees two main reasons for the absence of far-reaching cyber attacks. For example, Russia underestimated Ukraine – the country had learned from the Russian cyber attacks of recent years and was better prepared.
The support from the USA may also have helped in this: according to a report by the “Financial Times”, the government in Washington sent experts in the fall, for example, to detect malicious software from operators of critical infrastructures and render it harmless. Olney and his team take care of the cyber defense of several authorities and companies in Ukraine, including from the financial and gas sectors.
In addition, Russia has apparently set other priorities for its cyber elite, Olney suspects: “The hackers seem to be more engaged in espionage.“ Instead of driving attacks, they tried to collect information about the behavior of other states and possible new sanctions.
Baerbock announces NATO response to “atrocities” of Butscha and Mariupol
For example, a few weeks ago it became public that groups from the intelligence community spied on Hungarian ministries, probably also to collect information about NATO countries and sanctions.
There should also be a strategic consideration: “An attack on power grids in the West could give NATO a reason to declare the alliance case,” says Sven Herpig, head of cybersecurity policy at the Stiftung Neue Verantwortung (SNV). Putin may want to prevent this, despite all the aggressive rhetoric.
In the event of an escalation, the Russian leader must expect the West to respond with cyber attacks and disrupt the Russian power grid, for example. The specialists of the US intelligence service NSA would probably be able to do this.
However, all this is not a reason for relaxation. For example, the IT industry association Bitkom observes that IT systems in Germany are increasingly being scanned for vulnerabilities. “Although such activities are commonplace, such an increase can also be an indication of upcoming attacks,” says Sebastian Artz, Head of Cyber and Information Security. And SAP CEO Christian Klein warns that the software manufacturer is increasingly affected by cyber attacks.
There are several reasons why the threat is likely to increase:
- The sanctions of the West hit Russia hard, the economic outlook is poor. It is to be expected that the Putin regime will respond to this, says Shulman – to extract information from politics, to sow discord and to take revenge. Cyber attacks are ideally suited for espionage, disinformation and sabotage.
- In Russia, numerous criminal hacker groups are active with the connivance of the state, says Shulman. It is conceivable that the regime encourages them to cause damage to Western companies, authorities and research institutions, for example with blackmail software.
- Attacks that apply to Ukraine can also unintentionally harm other countries. For example, in 2017, Russian hackers sabotaged Ukrainian companies with the NotPetya virus – but the software also spread to numerous German organizations. The failure of the Viasat satellite system is also considered collateral damage.
- The war in Ukraine offers hackers and spies from other countries a pretext for their activities, Google researchers report. For example, a group allegedly connected to the Chinese army is trying to spy on the military and governments in Ukraine, Russia, Kazakhstan and Mongolia. In addition, there are numerous “financially motivated” activities.