Skip to content

Illustration by iStock, Security Management

Cyberattack Disrupts Ukraine’s Internet, But Destructive Attacks Remain Yet to Be Seen

Ukraine’s Internet service was disrupted this week after a cyberattack targeted telecoms provider Triolan. The firm—which provides service for the northeastern Kharkiv region—confirmed the incident and said it was working to restore service.

“Three other sources within the company and a former cofounder of the business said a cyberattack had occurred, with one claiming some of Triolan’s internal computers had stopped working because the ‘attackers reset the settings to the factory level,’” according to Forbes. “They added that recovery was proving difficult because some equipment required physical access to restore, which was not possible due to the risk of life to personnel.”

Russia has widened its offensive strikes on Ukraine, targeting airfields and cities in the western portion of the country. Ukrainian President Volodymyr Zelensky remains in Ukraine, however, and he said that Ukraine’s forces have “reached a strategic turning point,” as reported by the Associated Press. “It’s impossible to say how many days we will still need to free our land, but it is possible to say that we will do it.”

Authorities are working to create humanitarian corridors to ensure food, medicine, and other basic necessities are delivered to people who remain under siege in Ukraine. 

Internet Impact

Triolan was previously affected by a cyber incident on 24 February, followed by further disruptions at the end of February as Russia made moves to invade Ukraine.

“Since the beginning of the conflict, there have been concerns that Russia-backed hackers might attempt to disconnect Ukraine’s Internet, in the same way they took down the country’s power grid in 2015,” WIRED reports. “Since February 23, Russia’s cyber army has been carrying out repeated distributed denial of service (DDoS) attacks against government websites, overwhelming them with spurious traffic in order to take them offline… But despite what happened in Triolan, Russia’s chances of carrying out a full-fledged Internet shutdown against Ukraine are low.” 

The reasons for this vary, including the fact that it’s difficult to carry out an Internet shutdown as an outside actor, as well as conflicting opinions on why we have not yet seen more destructive cyberattacks carried out against Ukraine. Some suggest that the reasons for this are related to Russia’s desire not to inflict long-term damage on Ukraine’s networks because if it takes control of the country, Russia will need to use those networks to run it. 

Others have suggested that there may be attacks happening that we do not know about, that cyberattacks are not the most useful during physical combat, or that the focus for cyber activity is on other types of campaigns. 

Speaking at a CISO Street webinar on Thursday, Charles Carmakal—senior vice president and chief technology officer for Mandiant—said that in December 2021, Mandiant built out a task force to anticipate what might happen in Ukraine and the rest of the world in response. Mandiant was tracking intrusions by Russian government entities in several countries’ ministries of foreign affairs in what it categorized as “espionage activity,” or theft of data that was of strategic importance to the Russian government.

In the days leading up to the invasion, Carmakal added that Mandiant observed wiper activity and other activity designed to look like ransomware but was really wiper or destructive malware. “One thing we’re concerned about,” Carmakal said, “is that these events are precursors to what might happen elsewhere in the world.”

Critical infrastructure owners and operators around the world have been on high alert and instructed take steps to shore-up their defenses, as well as their network monitoring, to be prepared to respond should an incident occur.

Numerous cybersecurity firms have made resources available on this front, many for free. One such initiative—the Critical Infrastructure Defense Project—was launched this week by Cloudflare, Crowdstrike, and Ping Identity to help U.S. critical infrastructure improve its cyber readiness.

“Each of us is great at what we do on our own. Together, we provide an integrated solution that is unrivaled and proven to stand up to even the most sophisticated nation state cyberattacks,” wrote Matthew Prince, CEO and co-founder of Cloudflare, in a blog post about the initiative. “And this is what we think is required, because the current threat is significantly higher than what we have seen since any of our companies was founded. We all built our companies relying on the nation’s infrastructure, and we believe it is incumbent on us to provide our technology in order to protect that infrastructure when it is threatened. For this period of heightened risk, we are all providing our services at no cost to organizations in these most vulnerable sectors.”

Business Impacts

Businesses have also been ramping up their efforts to evacuate personnel from Ukraine and Russia. This effort, however, is becoming difficult because of travel routes being compromised and economic sanctions impacting flights.

“Before Wednesday, Global Guardian’s 125-person Russia team had been able to charter planes out of Russia and land where necessary to refuel,” according to Dale Buckner, the security group’s chief executive, who spoke with the Financial Times. “But it is becoming tougher to extract employees of the group’s 18 Fortune 500 clients in the federation as tit-for-tat travel bans between Moscow and other countries restrict airspace.”

In addition, President Vladimir Putin said the Kremlin is exploring the ability to seize control of foreign assets of multinational firms that are leaving its market. Putin shared the update in a video address to members of the Russian government on Thursday.

Putin explained that the government would push to “introduce external management and then transfer these enterprises to those who actually want to work,” according to a translation by The Guardian. “There are enough legal and market instruments for this.” 

Russia is also implementing its own economic sanctions, such as banning exports of timber, electronic, and telecoms equipment. Russia may also look to restrict foreign ships from Russian ports, the BBC reports. 

U.S. President Joe Biden announced additional sanctions against Russia to increase pressure on the nation to withdraw its troops from Ukraine. The United States, in coordination with G7 leaders from Canada, France, Germany, Italy, Japan, and the United Kingdom, as well as the European Union, will take steps to deny “most favored nation status” to Russia. Under normal circumstances, many countries make agreements to trade with others under “the best possible terms,” including low tariffs, as part of a most favored nation agreement. Revoking this status means it will be more difficult for Russia to do business with other nations, dealing a “crushing blow to the Russian economy,” Biden said.

The White House also issued a statement saying Biden will sign an executive order to end the exportation of luxury items to anyone in the Russian Federation and ban the import of Russian products—including seafood, vodka, and non-industrial diamonds. The executive order will also create the ability to ban new investment in any sector of the Russian economy.

The sanctions imposed against Russia so far have been disastrous for the nation’s economy, with Russia nearing “default territory,” according to World Bank Chief Economist Carmen Reinhart, who spoke with Reuters. Foreign investors hold approximately half of Russia’s sovereign hard-currency bonds, and Moscow must make a $107 million payment on two bonds next week. 

“I worry about what I do not see,” Reinhart said. “Financial institutions are well-capitalized, but balance sheets are often opaque…There is the issue of Russian private sector defaults. One cannot be complacent.”

This is a rapidly developing situation. For breaking news updates, follow live reports from the Associated Press, the BBC, The Guardian, The New York Times, and The Washington Post.

For information on the latest sanctions against Russia, visit the U.S. Department of Treasury and the European Council.