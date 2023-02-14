The printers in the offices of the European Commission, in Brussels, were fully operational in the spring of 2022. They were printing lists of names, telephone numbers and other contact details of the staff, as well as other documents with information necessary for the EU to continue to function in the event of a blackout of IT systems. Because that was what had been feared ever since Russia launched its invasion of Ukraine in February. The shadow of a major cyberattack with international consequences has been looming over Europe since Moscow began the invasion almost a year ago.

But that blow has not come. Cyber activity has not played a significant role in the course of the war one week after the first anniversary of its start. There were reasons to think that it would be more decisive. Between 2015 and 2016, with the annexation of Crimea still fresh, Russia launched one of the most sophisticated attacks on energy infrastructure in memory. The BlackEnergy virus left several Ukrainian cities without heating in the dead of winter. In 2017, Kremlin-related groups launched NotPetya. Initially targeted at Ukrainian companies and public institutions, this cyberweapon had the appearance of ransomware (a variety of virus that encrypts the system and releases it in exchange for a reward), but it soon became clear that it offered no option for ransom: it directly destroyed information. It ended up spreading throughout a good part of the world, with at least 300,000 computers affected, and it is still considered today one of the most powerful cyberattacks in history.

None of that has happened this time. “Russian cyber forces, like the conventional military, have performed below expectations since the start of the war. Russia was not prepared for a long conflict, not even in the field of cyberwar,” Mieke Eoyang, the Pentagon’s cybersecurity coordinator, said in November. Russian cyberattacks “just haven’t had the desired effect for Moscow,” Lindy Cameron, director of the UK’s National Center for Cyber Security, concluded for her part.

And it’s not that they haven’t tried. As detailed in April by David Cattler, head of NATO intelligence, Russia used more destructive malware against Ukraine in the first quarter of 2022 “than was launched by the rest of the world in an average year.” As soon as the conflict started, Russia used a wiper (a virus that seeks to destroy information) against various Ukrainian government organizations and financial companies. They also caused some institutional websites to collapse. The day before the invasion began, another wiper (AcidRain) tried to disable the network of military satellites used by the Ukrainian army, something that came to nothing thanks to the help provided by Elon Musk’s Starlink satellites.

“The world has overestimated Russia in many ways. One of them is the myth that they have very good hackers. We Ukrainians have shown that this is not the case: we are still here,” the Deputy Prime Minister of Ukraine, Mykhailo Fedorov, also head of the Digital Transformation portfolio and in charge of organizing the country’s cyber defense, explained by email to EL PAÍS. “We are countering Russian cyberattacks every day. We can say that the no less than 1,000 attacks received since February 24 have neither caused real losses to our economy, nor have they stopped the banking system, nor have they damaged critical infrastructures. Our cybersecurity system is efficient,” he remarks.

Russian missiles have caused power supply disruptions; computers have not. Nor have Ukrainians stopped being able to make phone calls or use the internet. “Since the war started, we have provided the country, with the help of international partners, with SpaceX satellite communication [a reference to Starlink]. We have three types of communications, which complement each other: broadband, mobile and satellite,” Fedorov illustrates. “If the broadband internet goes down due to a lack of electricity, the mobile connection helps everything work, and vice versa. If classical networks are completely destroyed by invaders, Starlink wireless systems save the day.”

The Russian digital offensive

Is Russia losing the cyber war? Has it already deployed its entire arsenal, or does it have an ace up its sleeve? “Russian APTs [an acronym for advanced persistent threats, organized groups of hackers with no official ties to governments, but which are funded by one and follow its instructions] are well known internationally. I would be surprised if they have not been interested in attacking until now,” ventures Guillermo Suárez-Tangil, a researcher at IMDEA Networks specialized in cybersecurity.

It is impossible to know if Moscow has more resources than it has used so far. Analysts are divided between those who believe that the Kremlin’s potential in the cyber arena has been overestimated and those who believe that, for some reason, they have not wanted to unleash their full virtual firepower. “I think at the beginning of the war they didn’t want to launch any devastating attacks because they thought they would reach Kiev in two or three days and they would need to use the country’s infrastructure. That would also explain why they didn’t blow up mobile phone communications,” says Adam Meyers, Vice President of Intelligence at the Texan cybersecurity company CrowdStrike.

According to Microsoft’s annual Digital Defense report, Russian cyber commandos initially attempted to destroy data and shut down government agencies. As the war progressed, they have gone on to “attempt to sabotage military transport and humanitarian assistance to Ukraine, end access to the internet and the media, and steal information or intelligence of value to Russia.”

There are reasons to think that the preparation of the Russian army in the cyber area leaves something to be desired. “It was seen very early that the Russian troops were dependent on the Ukrainian infrastructure in the captured territories: they used ordinary mobile phones for military communications. It would have been a problem for the war effort if that had failed,” Meyers says. Relying on ordinary mobile phones instead of encrypted communication systems meant, for example, that the whole world found out that the highest-ranking Russian soldier deployed in Ukraine, General Vitaly Gerasimov, died at the front a few weeks after the start of the war. That leak called into question Russia’s power in cyberwar.

“No one can prevail with operations in the cyber arena alone,” recalls Daniel Moore, author of the book Offensive Cyber Operations. The analyst believes that Russia has done what was expected: launched cyberattacks in combination with military incursions to disable Ukrainian communications. “The Russians’ record shows that they are technically capable, but at the same time operationally disorganized, which means that many of their attacks have caused either too much or too little damage,” he told this newspaper. This is the case of NotPetya, which targeted a series of Ukrainian institutions and companies and ended up causing losses of more than 10 billion dollars in countries around the world.

Another factor that would explain Russia’s lack of forcefulness in the digital field is that, according to the Kremlin’s organizational structure, the commandos in charge of cybersecurity are the same ones that deal with disinformation. And they have turned to the latter task.

A robust defense

This time Ukraine was better prepared than in 2014 to deal with Russian cyberattacks. “Having a neighbor like Russia, in recent years we have strengthened ourselves a lot in cybersecurity. We have increased investment, we work with international partners and we have hired great specialists who have been trained with colleagues from other countries,” highlights Ukrainian Deputy Prime Minister Fedorov. Ukraine has the cooperation of the EU and other governments, as well as an international army of hacktivists, the IT Army, which performs the tasks that Kyiv indicates through a Telegram channel.

“Several campaigns have been detected that could be compared to NotPetya. The lessons learned in recent years and the support of cybersecurity companies have helped to mitigate their impact,” says Josep Albors, Research Director of ESET Spain. The Slovak software company is, together with Microsoft, one of the most active in cyber defense in Ukraine. The support of these big companies has helped Kyiv to develop very strong defenses in the virtual environment. This collaboration has made it possible to identify “numerous campaigns of wipers (destroyers of information) that have been taking place from hours before the start of the invasion until just a few weeks ago,” adds Albors, “in addition to detecting in time and blocking, together with the Kiev authorities, Industroyer2’s attempt to cut off electricity to a large region of the country.”

Another of the keys to the Ukrainian resistance has to do with the management of the data centers where the systems are housed. “Ukraine decided in recent years to close agreements with other countries and with Amazon Web Services to generate digital twins, so that if one is disabled on Ukrainian soil there is a copy elsewhere,” said Raquel Jorge, a technology policy analyst at the Elcano Royal Institute. Fedorov highlights the role played in this regard by Poland. “We have transferred some Ukrainian records and/or their backup copies to Warsaw. They have also helped us establish an infrastructure there to house tax records and other data from the Treasury. That is crucial to ensure that Ukraine continues to function as a country,” indicates the deputy prime minister.

A year on, Ukraine is resisting the Russian invasion, both physical and cyber. But the prolongation of the conflict can bring surprises in the digital area. The cyberattack campaign that knocked out power to Ukraine in 2015 took 19 months of planning and work, according to a subsequent investigation. “Although it has already spent all its aces, it seems that the war will be long, which gives Moscow more time to develop, deploy and activate more significant cyberattacks,” Moore warns.

