The Ukrainian military intelligence service warned today that Russia is planning to escalate cyber-attacks targeting the critical infrastructure of Ukraine and its allies.
This incoming “massive” wave of attacks will likely focus on disrupting and taking down energy industry facilities and institutions, according to the Main Directorate of Intelligence of the Ministry of Defence of Ukraine (HUR MO).
“The Kremlin plans to carry out massive cyber attacks on critical infrastructure of Ukrainian enterprises and institutions of critical infrastructure of Ukraine’s allies,” the intelligence service warned.
“First of all, the blow will be directed at the energy industry. The operations will use the experience of cyber attacks on the energy systems of Ukraine in 2015 and 2016.”
The Russian cyber-attacks’ likely goal would be to slow down the Ukrainian Army’s ongoing offensive and to increase the destructive effect of missile strikes against Ukrainian energy supply facilities in the eastern and southern regions.
“The Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic countries,” HUR MO added.
Increased Russian cyberattack activity, spillovers
This warning follows a July statement from the Council of the European Union that Russian threat groups' increasing attacks on “essential” organizations worldwide might lead to escalation and spillover risks.
In February, CISA and the FBI also said in a joint advisory that wiper malware attacks targeting Ukraine could easily spill over to targets from other countries.
Their joint advisory also provides guidance and measures that should be taken as part of network architecture, security baseline, and continuous monitoring to defend against such attacks.
Google’s Threat Analysis Group (TAG) added in late March that phishing attacks against NATO and European military entities were orchestrated by the Russian COLDRIVER hacking group.
Two months later, the U.S., U.K., and EU jointly accused Russia of coordinating a massive cyberattack that hit the KA-SAT consumer-oriented satellite broadband service in Ukraine with the AcidRain data-destroying malware on February 24, one hour before Russia invaded Ukraine.
U.S. President Joe Biden warned in July 2021 that cyber-attacks leading to severe security breaches could trigger a “real shooting war.” This statement was issued a month after NATO said that cyber-attacks could be compared to “armed attacks” (in some circumstances).