In a recent development, Ukrainian government agencies have reported a new wave of cyberattacks orchestrated by Kremlin-backed hackers. These attacks appear to be aimed at gathering evidence related to alleged Russian war crimes in Ukraine, according to a fresh report.
Yurii Shchyhol, the head of Ukraine’s State Service of Special Communications and Information Protection (SSSCIP), disclosed that nation-state hackers are actively infiltrating Ukrainian law enforcement institutions responsible for documenting and investigating war crimes. This shift in focus signifies a concerted effort to obtain the evidence being assembled against the Russian Federation for its actions in Ukraine.
The SSSCIP is set to release an official report on the digital intrusion campaign, details of which have been provided to Reuters News Agency. Shchyhol noted that the cyber defense agency has recorded a significant uptick in cybersecurity incidents, with a 123% increase in the first half of 2023 compared to the second half of the previous year.
Apart from their quest for war crimes evidence, the hackers have also demonstrated an interest in gathering information on Russian nationals arrested in Ukraine. Their aim appears to be facilitating the escape of these individuals from prosecution and their return to Russia.
The attackers have primarily targeted government email servers, although specific units have not been named for security reasons. Yurii Shchyhol pointed out that the groups involved in these activities are associated with Russia’s GRU and FSB intelligence agencies.
This development comes on the heels of reports regarding anomalous activity detected at the International Criminal Court (ICC). The ICC, responsible for prosecuting war crimes and crimes against humanity worldwide, did not attribute responsibility for the incident. The court holds a wealth of sensitive documents, including evidence of war crimes and the identities of protected witnesses.
The ICC had previously issued an arrest warrant for Russian President Vladimir Putin in relation to the alleged illegal deportation of children from Ukraine. Dutch intelligence agency AIVD had uncovered a Russian military agent using a fake Brazilian identity attempting to infiltrate the ICC last June. The ICC is also conducting an ongoing investigation into alleged Russian atrocities in Georgia, although the Kremlin has consistently denied all allegations.
While Russia’s previous cyberattacks have focused on state offices, media outlets, communication networks, energy sectors, and other critical infrastructure, the latest campaign underscores a shift towards targeting law enforcement institutions involved in documenting war crimes. The notorious Sandworm threat group and other Russian state-sponsored collectives have previously targeted Ukraine’s energy sector with multiple strains of destructive malware.
Additionally, past Russian hacking operations have involved accessing private security cameras in Ukraine to monitor missile and drone strikes and gather information on the stability of the energy grid. Notably, last winter saw Russian intelligence conducting attacks on Ukrainian energy infrastructure, resulting in widespread power outages.
Yurii Shchyhol has warned that these cyberattacks are likely to persist, even if Ukraine achieves success on the battlefield. As such, the cyber war between Ukraine and Russia appears far from over.
Q1: What is the objective of the Russian hacker campaign targeting Ukraine?
A: The Russian hacker campaign appears to be primarily focused on gathering evidence related to alleged war crimes committed by the Russian Federation in Ukraine. They are targeting law enforcement institutions responsible for documenting and investigating these war crimes.
Q2: Who is leading the efforts to detect and counter these cyberattacks in Ukraine?
A: Yurii Shchyhol, the head of Ukraine’s State Service of Special Communications and Information Protection (SSSCIP), is leading the efforts to detect and respond to these cyberattacks.
Q3: Are there any indications of the hackers’ origins or affiliations?
A: According to Yurii Shchyhol, the groups involved in these cyberattacks are believed to be associated with Russia’s GRU and FSB intelligence agencies.
Q4: What other targets have the hackers pursued besides evidence of war crimes?
A: In addition to seeking evidence of war crimes, the hackers have shown an interest in gathering information on Russian nationals who have been arrested in Ukraine. Their goal appears to be aiding these individuals in avoiding prosecution and returning to Russia.
Q5: How has the International Criminal Court (ICC) been affected by these cyberattacks?
A: The ICC, responsible for prosecuting war crimes globally, reported anomalous activity in its systems. While the culprits were not identified, this institution holds highly sensitive documents, including evidence of war crimes and the identities of protected witnesses.
The recent discovery of a Russian hacker campaign targeting Ukrainian authorities in search of evidence of war crimes has raised concerns and shed light on the evolving tactics of cyber warfare. Ukrainian officials, led by Yurii Shchyhol, have been actively monitoring and responding to these cyberattacks, which have increased significantly in recent months.
The hackers, believed to be associated with Russia’s intelligence agencies, have shifted their focus towards infiltrating law enforcement institutions responsible for documenting and investigating war crimes. This development highlights the importance of cybersecurity in safeguarding sensitive information and maintaining the integrity of investigations into alleged war crimes.
The ICC’s detection of anomalous activity in its systems further underscores the gravity of the situation, as this institution holds critical evidence and information related to international war crime cases, including an arrest warrant issued for Russian President Vladimir Putin.
As the cyber war between Ukraine and Russia continues to escalate, it is essential for both nations to remain vigilant and committed to protecting their critical infrastructure and sensitive data. The pursuit of evidence in the realm of cyber espionage adds a new dimension to the ongoing conflict, emphasizing the need for robust cybersecurity measures and international cooperation to address these evolving threats effectively.