The Cyberwar With Russia Is Happening, But You’re Not Hearing It

The lack of spectacular attacks does not mean that the tension has subsided in cyberspace. Russia continues to carry out espionage operations against Ukraine and all of its allies.

The cyberapocalypse has not happened, but the fight against espionage goes on daily. Politicians and the public imagined that the war launched by Russia would be accompanied by the shutdown of power plants and government platforms – it was not.

That's not to say the Kremlin's hackers didn't attempt to take down Ukraine's computer network, but just like on physical battlefields, they faced a stronger shield than they had imagined.

The logistical support provided by tech giants like Microsoft and BitDefender and by the US government has made it possible to detect threats and attempted attacks much faster. Faced with this wall, Russian hackers changed their strategy in the fall of 2022, favoring cyber espionage over data destruction. Thus, while wiper attacks – malware intended to erase all data – were numerous during the first half of 2022, this method was used less from September onward.

The Ukrainian Communications Protection Service shared an example of fake Telegram notifications used to trick users.

Bursts of emails and booby-trapped messages

Interviewed this fall by Numerama, Bogdan Botezatu, director of threat research for BitDefender, already indicated that “the activity remains very intense, but cyber espionage campaigns will be favored in an attempt to capture information on Ukrainian strategies and communications with NATO forces”. 

Major cybersecurity companies have detected various cyber espionage campaigns that confirm the change of tactics. As early as late August, the Gamaredon group, a group of Russian intelligence hackers, launched a phishing campaign targeting Ukrainian government employees. The Talos group identified Word documents, sent by email and claiming to contain security information, that carried malware designed to steal data.

From November to December, the Trellix company saw a burst of fraudulent emails twenty times higher than the norm, after a massive campaign impersonating several Ukrainian government departments.

At the end of the year, Sekoia revealed an operation by the Calisto collective against several Western military equipment and logistics companies based in Ukraine. NGOs documenting war crimes have also been targeted.

Europe and the United States targeted

The offensives multiplied at the start of 2023. In January, the Ukrainian cybersecurity services detected a campaign of fake emails purporting to come from the national health service. The malware deployed by the Nodaria group is intended to “snatch credentials, screenshots and files”. Gamaredon returned in the same period with booby-trapped messages sent to Ukrainian officials, this time via Telegram, a favored network in Eastern countries. Applications have even been developed and provided to Ukrainians to check for the presence of spyware on their smartphones.

Ukraine is naturally the first target, but because the country depends on NATO members for its weapons, Russia is also trying to infiltrate the networks of all the main supplier countries. Thus, in a Google report published on February 16, the company indicates that “targeting of users in NATO countries increased by more than 300% in 2022.”

The tension is therefore constant for American and European networks. The term cyber warfare can be misleading, as the general public imagines combat through computers. In fact, these are operations lasting several months to infiltrate computer systems. The attack is silent, but the damage it leaves behind is clearly visible.

