As soon as Russia invaded Ukraine at the end of February 2022, the Federal Office for Information Security (BSI) raised the possibility that Germany could be the target of cyberattacks. According to information provided by the German Cyber Defense Center, these could be attacks on “high-value targets”, a term that can refer to critical infrastructure (energy suppliers, military installations, etc.) as well as to political figures. But so far only a few small operations have been detected. Already targeted by the SolarWinds or Ghostwriter offensives, Germany is not an unattractive target for hackers close to the Kremlin, but Russia today prefers conventional warfare to cyber warfare.
Phishing campaigns have been detected
For a month now, German intelligence agencies have been waiting for a massive operation that would crown the preliminary attacks launched at the beginning of the conflict, which they have already identified. Thus, in early March 2022, a new Ghostwriter hacking campaign was revealed, which is believed to be organized by Russian military intelligence, the GRU. This is a phishing campaign that had already harassed Germany during the election campaign in the summer of 2021; the hackers then managed to steal data and documents belonging to parliamentarians and politicians by gaining access to their email accounts through phishing emails. The Federal Office for the Protection of the Constitution now fears a possible “hack and leak” operation, that is, the leaking of this stolen data, or the hacking of news portals or journalists’ social media accounts in order to spread false information.
Intrusion into the oil group’s servers
Germany is also in the spotlight of the Anonymous collective, which sided with Ukraine and declared “cyber war” on the Kremlin. Thus, the “hacktivists” from Anonymous Deutschland launched an operation against the German subsidiary of the Russian oil group Rosneft and got their hands on 20 terabytes of data. With access to the servers for two weeks, they reportedly captured data backups of approximately 60 computers and mobile phones, but reportedly did not touch the system or control installations. Rosneft is the largest oil producer in Russia; its German subsidiary, whose supervisory board is chaired by former Chancellor Gerhard Schröder, is Germany’s third-largest crude oil refiner. Because Rosneft is part of critical infrastructure, the BSI has issued a cybersecurity warning to other oil sector companies.
Are cyber attacks an overestimated danger?
In another incident, the KA-SAT satellite network, owned by the American operator Viasat and used by Ukraine for emergency communications, went down at the very moment of the invasion of the country. This failure has had repercussions worldwide, and in Germany in particular, as the network is used to remotely monitor thousands of wind turbines. While the BSI spoke of a “high risk situation” at the start of the conflict, a month after the start of the war in Ukraine Germany had recorded only a few minor and unrelated incidents. Does this mean that the danger of cyber attacks is overestimated?
Cyber war vs conventional war
For experts watching the current conflict, Russia does not appear to have unleashed a cyber war against Ukraine. Cybersecurity researcher Haya Shulman, who presents her analysis in the Frankfurter Allgemeine Zeitung, believes that the several operations identified were small-scale: the day before the invasion, the HermeticWiper malware began erasing data on Ukrainian computers; there have also been several DDoS attacks (which render a server inaccessible) and several instances of website defacement. None of this is unusual, and it is far from the large-scale cyber attacks that were feared. It was thought, for example, that Russia intended to cut communications in Ukraine in order to give an advantage to its troops, but in fact it has been waging a conventional war based on the physical destruction of Ukraine and its inhabitants for a month now.
Ukraine prevented cyber operations aimed at weakening it
Nevertheless, the Russians have resorted to cyber operations in previous conflicts: in 2008, cyber attacks managed to disrupt strategic communications in Georgia; in 2015 and 2016, they temporarily disabled sections of Ukraine’s energy system; and in February 2022, they unsuccessfully tried to disrupt the country’s rail links. Before invading Ukraine, Russia tried to weaken it in several ways, in particular by jamming and hacking into its communications. Even if these operations were thwarted or fended off by Ukrainian cyber defense, it must also be understood that Russia has undoubtedly chosen a different path to wage this war, one that is faster and less costly than the cyber path. To disrupt the functioning of a country, it is more effective to bomb its infrastructure or take control of it with troops on the ground than to conduct sophisticated cyber operations.
Germany is vulnerable
However, Germany found that it was a direct and collateral victim of some of the cyberattacks carried out in the context of Russia’s war against Ukraine: its wind turbines were turned off, the secrets of its oil refineries could be revealed to the public at any time, and political data could be improperly published at any time. Finnish expert Mikko Hyppönen, head of the security company F-Secure, delivered a message to the German press: the country is particularly vulnerable in its critical infrastructure, while Ukraine is well trained to defend itself against cyberattacks. To solve this structural problem, some security politicians would like Germany to increase its offensive cyber capabilities, or even to put the army in charge of the country’s entire cyber defense. For others, such as cybersecurity expert Sven Herpig in an interview with an IT magazine, this strategy would be a mistake. Rather, Germany should hurry up with the development of large-scale civil cyber security, since most cyber operations are not part of a military context but fall under economic or political espionage, sabotage, surveillance and cybercrime.
Cyber war has already begun
Besides, how can a cyber operation have a deterrent effect? The best deterrent is a flawless defense that prevents the enemy from reaching his goal. In the current environment, it must be taken into account that Russia is resorting to disinformation and cybercriminal operations, say cyberdiplomacy experts Tyson Barker and Heli Tirmaa-Klaar in the daily newspaper Peace. Hackers, such as members of the Conti cyber-gang, who have sworn allegiance to the Russian government, can send ransomware to democratic infrastructures, as has already happened with the open source information portal Bellingcat. Whether in the context of the war in Ukraine or in the longer term, we must in any case be prepared for constant conflicts in the gray zone in which Russia is accustomed to operating, the one that is beyond the threshold of war and that is aimed at civil society. If the expected “cyber war” did not actually take place, it is because it has in fact already begun.