Russia’s Cyber Assault – USA Gov Policy

The news is filled with horrific images of the physical destruction of Ukraine by Russian troops and missiles. What is missing from the picture is the untold story of the battle inside the cyber and information domains. US intelligence officials have known that the Kremlin has been using “soft” and “hard” tactics to target Ukrainian military, government, and private sites for years. Russia’s attacks on the sovereign nation’s critical infrastructure, including government websites, affiliated organizations, media, and critical financial infrastructure have intensified since the start of President Putin’s current “special military operation,” according to Jamestown Foundation’s Alla Hurka. The Security Service of Ukraine (SSU) announced in late March its “cyber units managed to shut down an inter-regional network of five enemy bot farms with the capacity to direct over 100,000 fake social media accounts,” according to Hurka. The Kremlin is using this invisible bot army to support the war in Ukraine with a highly organized and unprecedented disinformation campaign.

One goal of the cyber attacks is to spread disinformation across a wide sector of the Ukrainian population to incite panic and disrupt the country’s effort to combat Russian aggression. Stories include false narratives about Ukraine’s top leadership. A series of fallacious reports suggested President Zelensky fled the country with his family, leaving the citizenry to fend for themselves. Another reportedly provided false data on the morale of Ukrainian troops indicating they were defecting and soon would be defeated by superior Russian forces. Another provided information that Ukraine over-inflated the number of civilians killed in the country. Repeating the pattern casts doubts into the minds of civilians in Ukraine and in other countries, including the United States. Social media accounts also are filled with suggestions by Russian trolls that “the West doesn’t really know what is happening” or the identity of the bad guys. The SSU acknowledged in a recent report that the network is “supervised by the Russian special services, used various social networks, including those banned in Ukraine, to carry out large-scale information sabotage activities to destabilize the socio-political situation in various regions of Ukraine.”

In a physical search of the bot farm sites conducting cyber warfare, law enforcement officers seized numerous pieces of special equipment, including around “100 GMS gateways, 10,000 mobile phone SIM cards of various mobile operators used to disguise the activities of the bot farms, and an unspecified number of computers and laptops used to run cyber operations,” according to the SSU. Three weeks ago, Ukraine eliminated a bot farm that sent 5,000 cellphone text messages to Ukrainian military and law enforcement personnel pushing them to defect and surrender to the Russians. As fast as Ukraine can identify and neutralize a Russian cyber campaign another springs up to replace it. Artem Dekhtyarenko, a spokesman for the Ukrainian Security Service said “The most interesting thing is that all the equipment was placed in Dnipropetrovsk region, but remotely controlled from the Russian Federation.”

More than 7,000 cell phones inside Russia are part of Putin’s ongoing disinformation campaign and includes apps such as Telegram, WhatsApp, Facebook, and Viber. The SSU points out in a recent report that one bot farm can create over 10,000 fake social media accounts in a month using Russian domains forbidden in Ukraine, while also conducting attacks on systems of critical infrastructure facilities, sending malware phishing emails and executing distributed denial of service (DDoS) attacks on government information resources. Farid Safarov, Ukraine’s deputy minister of energy for digital development, digital transformation, and digitization, estimated that the number of cyberattacks against Ukraine’s energy sector during the first 40 days of the ongoing war exceeded 200,000. Hurka points out that during the week of April 4 alone, there were “approximately 20,000 cybersecurity incidents.” Over 50 of the recorded attacks were directed at Ukraine’s electric supply. In 2021, there were only two such recorded attempts by foreign entities. These attacks aimed to damage high-voltage electrical substations, computers, and networking equipment.

In response, the Ukrainian government’s Ministry of Digital Transformation and the Ministry of Culture and Information Policy recently created an all volunteer “Internet Army,” which includes an international IT legion of more than 310,000 Ukrainian and foreign IT professionals willing to go to war against Russian’s cyber forces. To join the army, a volunteer goes on Telegram or Discord channels where tasks are assigned. One also can use Viber, Facebook, Twitter, Instagram and Reddit to help pressure Russian outlets and urge companies to withdraw doing business in Russia. While kinetic warfare rages on the ground in Ukraine, an invisible army is hard at work opposing Putin’s special military operation in cyber space.

Daria Novak served in the U.S. State Dept. and teaches at a major university

Quick Analysis

Russia Expanding Aggression

President Putin is using more than one pathway to enter Europe and undermine the West. While most of the world watches the conflict he initiated in Ukraine, the Russian government is actively pursuing a second front in a little noticed campaign in Cyprus. Although the corrupt Cypriot government ended its issuance of “golden passports” in 2020, Russian intelligence is functioning quietly there to transform this EU country into a Russian beachhead of illicit economic activity aimed at penetrating the capitalist West, according to Paul Goble of the Jamestown Foundation. Cyprus is not a member of the North Atlantic Treaty Organization (NATO) nor does it receive as much attention as those countries who are member states. That adds to its allure as a prime location for Russia to attempt to gain a European foothold. Last week a NATO report, cited in the European Daily Monitor, noted that Russian intelligence agents have been plotting to destroy European infrastructure across the continent to disrupt states supporting Ukraine. It further suggests that Putin’s immediate goal is to lay the framework for a future move against the security organization’s members. Hungary, in particular, is another country garnering Moscow’s attention as it opposes the Western response to Russian aggression. Russia is focusing its intelligence efforts on other European, non-NATO member countries in addition to Cyprus, including Austria, Malta, and Ireland. The NATO report suggests that Moscow has had success in disseminating the Russian political narrative in these states to advance its campaign against the West. The island of Cyprus is proving to be a good target for Moscow as it is an ethnically divided island that is part of the EU since 2004. Northern Cyprus, officially called the Turkish Republic of Northern Cyprus (TRNC), is a de facto state that is only recognized by Turkey. The division precludes it from joining NATO. As Goble suggests, “it offers Russia troubled waters in which to fish.” Over the last 20 years, he points out, Cyprus’ challenges have opened it to a massive influx of Russian citizens, who now comprise approximately 10 percent of the island state’s population. Over 2,900 residents are Russians who entered until the “golden passport” program that allowed wealthy or well-connected Russians to move to Cyprus. It also provided them with documentation to travel freely throughout Europe! Although less visible on the world’s radar than the war in Ukraine, Moscow is also being helped by Cyprus’ banks opposition to seizing Russian assets and its support in evading Western sanctions. Russia has placed tens of billions of US Dollars there for money laundering. It has been more than two years since a single Russian “diplomat” has been deported and, in fact, the Embassy has grown to over 300 staffers on this tiny island state of only 1.2 million people. The Russian embassy in Nicosia has advanced communications antennae on its roof and opened a consulate on the northern end of the island. Moscow’s Ambassador, Mura Zyazikov, is a lieutenant general in the FSB with no diplomatic experience. The FSB, SVR (Russia’s Foreign Intelligence Service), and GRU are actively using the island as a base of operations against NATO Member states, Israel, and other Western allies. Moscow backs pro-Russian political parties who in turn influence Cypriot decisions on education, language, and other issues. “Dmitry Khmelnitsky of the Dossier Center says that its findings should be of concern not only to Cyprus but to the West as a whole. Those who ignore what Moscow is doing because Cyprus does not follow the EU sanctions regime are missing something critical,” says Goble. “Cyprus does not seek to get rid of Russian agents and does not interfere with their work,” Khmelnitsky concludes, “despite the fact that what the Kremlin is doing is so clearly visible.” This has an impact not only on the small island but on the EU, NATO, and the West in general. Earlier this year the Moscow Times reported that when the FBI became more interested in Russian business and oligarchs in Cyprus, at least 10 of the major Russian businesses operating there left. Despite the government of Cyprus’ vow to implement plans for new sanctions against Russia, it continues to ignore Putin’s atrocities in Ukraine and to shield the wealth of the 50,000 wealthy Russian citizens and oligarchs residing there. Daria Novak served in the U.S. State Dept. Illustration: Pixabay