Cybercrime Front Lines in Russia-Ukraine War Move to Eastern and Northern Europe
More than a year into the war in Ukraine, hackers have extended the cyber battleground to Eastern and Northern Europe with the number of incidents in those geographies spiking noticeably.
A Year of Cyber Conflict Examined
Thales, a Paris-based data protection and identity management provider, said in a new report entitled “A Year of Cyber Conflict in Ukraine,” that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war.
Writing about the conflict, Thales said:
“Since the third quarter of 2022, the cyber conflict has largely involved harassment and cyber disruption operations by hacktivists who are aligned with, though not necessarily sponsored. These operations account for 75% of the incidents recorded since the beginning of the conflict and involve waves of DDoS attacks carried out by groups that for the most part were formed after the conflict began. Destructive cyber-military operations account for only 2% of the total number of incidents and are mainly targeted at Ukrainian public-sector organizations.”
Over the last 12 months, Thales’ figures show that the share of incidents affecting only Ukraine fell from a majority in the first quarter of 2022 (50.4%) to 28.6% in the third period. European Union countries, by contrast, have seen incidents related to the war spike from 9.8% to 46.5% in the past six months.
Indeed, the number of attacks on EU countries in the third quarter of 2022 totaled just slightly less than those in Ukraine. And, in the first quarter of this year, more than 80% of incidents occurred inside the European Union.
Commenting on the report, Pierre-Yves Jolivet, Thales vice president of cyber solutions, said:
“Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralization of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate.”
More From the Report
Here are some additional data from Thales’ study:
- Candidates for European Union inclusion, such as Montenegro and Moldova, are being increasingly targeted (0.7% of attacks in the first quarter of 2022 versus 2.7% at the end of 2022).
- Poland has been hit with a record number of 114 incidents related to the conflict over the past year.
- War hacktivists have specifically targeted the Baltic countries (157 incidents in Estonia, Latvia and Lithuania) and Nordic countries (95 incidents in Sweden, Norway, Denmark and Finland).
- Germany saw 58 incidents in the past year, but other European countries have been relatively spared, such as France (14 attacks), the UK (18 attacks), Italy (14 attacks) and Spain (4 attacks).
- The third quarter of 2022 marked a transition to a wave of DDoS attacks, in contrast to the first quarter of 2022, which saw a range of different kinds of attacks, divided more or less equally among data leaks and theft, DDoS attacks, espionage, influence campaigns, intrusion, ransomware, phishing, wiper and infostealer attacks.
- Since the third quarter of 2022, cyberattackers have favored DDoS attacks (75%) against companies and governments.
- 61% of all cyberattacks reported worldwide since the beginning of the war were committed by pro-Russian hacktivists, in particular Anonymous Russia, KillNet and Russian hackers teams.
- Civilian hacktivists have emerged as a new component in the conflict. They can be likened to a cybercriminal group with specific political objectives and interests, acting out of conviction yet not directly sponsored by any government.