from Wired Website
From "IT Army" DDoS attacks
to custom malware,
the country has become
a target like never before...
The orders are issued like clockwork. Every day, often at around 5 am local time, the Telegram channel housing Ukraine's unprecedented "IT Army" of hackers buzzes with a new list of targets.
The volunteer group has been knocking Russian websites offline using wave after wave of distributed denial-of-service (DDoS) attacks, which flood websites with traffic requests and make them inaccessible, since the war started.
Russian online payment services, government departments, aviation companies, and food delivery firms have all been targeted by the IT Army as it aims to disrupt everyday life in Russia.
The IT Army's actions were just the start.
Since Russia invaded Ukraine at the end of February, the country has faced an unprecedented barrage of hacking activity.
Hacktivists, Ukrainian forces, and outsiders from all around the world who are taking part in the IT Army have targeted Russia and its business.
DDoS attacks make up the bulk of the action, but researchers have spotted ransomware that's designed to target Russia and have been hunting for bugs in Russian systems, which could lead to more sophisticated attacks.
The attacks against Russia stand in sharp contrast to recent history. Many cybercriminals and ransomware groups have links to Russia and don't target the nation.
Now, it's being opened up.
At the start of the war, DDoS was unrelenting. Record levels of DDoS attacks were recorded during the first three months of 2022, according to analysis from Russian cybersecurity company Kaspersky.
Both Russia and Ukraine used DDoS to try to disrupt each other, but the efforts against Russia have been more innovative and prolonged.
Ukrainian tech companies transformed the puzzle game 2048 into a simple way to launch DDoS attacks and have developed tools to allow anyone to join the action, irrespective of their technical knowledge.
The channel's operators urge people to use VPNs to disguise their location and help avoid their targets' DDoS protections.
Toward the end of April, the IT Army launched its own website that lists whether its targets are online or have been taken down and includes technical guides. (The IT Army did not respond to a request for comment.)
When the war started, Budorin and colleagues altered one of the firm's anti-DDoS tools, called disBalancer, so it could be used to launch DDoS attacks.
While Kaspersky's analysis says the number of DDoS around the world has returned to normal levels as the war has progressed, the attacks are lasting for longer... hours rather than minutes.
The longest lasted for more than 177 hours, over a week, its researchers found.
On March 25, the US government added Kaspersky to its list of national security threats.
Budorin says DDoS has been useful for helping Ukrainians contribute to the war effort in other ways than fighting and says that both sides have improved their attacks and defense.
He admits DDoS may not have a huge impact on the war, though.
Since Russia began its full-scale invasion, the country's hackers have been caught,
However, Ukrainian officials now say they have seen a drop in activity.
Dmytro Budorin says that, beyond pivoting his company's technology to help launch DDoS attacks, it also created a bug bounty program for people to find and report security flaws in Russian systems.
More than 3,000 reports have been made, he says.
The company validates the vulnerabilities and passes them on to Ukrainian authorities, Budorin says.
While cyberwarfare throughout the conflict may not have been as obvious or have the impact some predicted, many incidents may happen without publicity or outsider knowledge.
Visibly, hacktivists and others attacking Russia have obtained and published hundreds of gigabytes of Russian data and millions of emails - the files may help unravel parts of the Russian state.
But other attacks are happening, says Lotem Finkelstein, director of threat intelligence and research at Israeli cybersecurity company Check Point.
In early March, a new kind of ransomware was discovered.
While most ransomware groups have links to Russia - something that has proved costly for the Conti ransomware group when it backed Putin - the new ransomware was designed to go after Russian organizations.
The malware can spread as a worm and can wipe systems of data, although as of early March researchers had not yet spotted its use in the real world.
While cyberattacks against Russia have increased, there are hints that this may push the country further down the path of Internet isolation.
For the past few years,
When the DDoS attacks started, Russia appeared to geofence government websites, and at the start of March, according to national media reports, the country's Ministry of Digital Development told websites to improve their cybersecurity measures and keep control of their own domain names.
Despite this denial, Olejnik says, the country is still "doubling down" and pushing toward its long-term goal of a sovereign Internet...