Immediately after the conflict broke out, suspected pro-Russian cyber-attacks were observed over a 48-hour period at an increase of over 800%. U.S. cyber security agencies, the FBI, and the Department of Homeland Security have all shared high alerts covering threat levels, preparedness, and response. One of the reasons why this conflict has such an impact on the cyber space is that both Russia and Ukraine are major players in the global technology industry. A year ago, Ukraine in particular, performed as a key hub for IT outsourcing and software development, with many international businesses relying on Ukrainian talent and expertise to maintain their digital operations. As such, any disruption to the Ukrainian tech industry has been creating a knock-on effect across a wide range of industries and companies worldwide.
Meanwhile, Russia has been linked to several high-profile cyber attacks in recent years, including the SolarWinds breach, which targeted a range of US government agencies and private sector organizations. The Colonial Pipeline ransomware attack in May 2021, which caused widespread fuel shortages and panic buying across the southeastern United States, has been attributed to Pro-Russia threat actors. The attack, which was carried out using the DarkSide
ransomware, resulted in the shutdown of one of the largest fuel pipelines in the country for several days, causing substantial disruption to critical infrastructure and the economy as a whole. Those incidents highlight the geopolitical tensions as state-sponsored cyber threats have a profound impact on global cyber security. It also underscore the importance of robust cyber security measures and effective risk management practices for businesses and organizations of all types.
Pro-Russia cyber threat actors may have a range of motivations for targeting NATO members and its allies, including political, economic, and strategic objectives. For example, they may seek to disrupt critical infrastructure, gather intelligence, or gain leverage in negotiations or other diplomatic efforts. In some cases, state-sponsored attacks may be designed to support broader geopolitical goals, such as expanding influence or challenging the dominance of Western powers, providing a counterbalance in the region. Additionally, cyber attacks can be seen as a low-cost and low-risk means of projecting power and exerting influence in areas where more traditional methods may be ineffective or counterproductive.
According to a Google report
, in early 2022, the pro-Russian attackers shifted their focus to targeting Ukrainian organizations, the Ukrainian government, and European humanitarian and non-profit organizations. The group’s targeting wildly varied from European NGOs to less targeted attacks on Ukrainian government entities, organizations and individuals. Rather uniquely, these groups demonstrate strong interest in breaching businesses operating in the hospitality industry of Ukraine, going as far as launching multiple distinct campaigns against the same hotel chains. This overlap of activity is likely to continue throughout the conflict and affect other industry verticals with the potential to disrupt digital supply chains across multiple geographies.