On January 14, 2022, Ukraine was the victim of a cyberattack that notably targeted several government sites. The attack comes amid very strong tensions between Ukraine and Russia: several thousand Russian soldiers have been deployed along the Ukrainian border. While the Ukrainian authorities claim to have “evidence” of Russian involvement in the attack, the Kremlin replies that these accusations are “gratuitous”. CESDIP* researcher Daniel Ventre calls for caution when assigning responsibility: “The situation of cyberattacks against Ukraine is particular since there are tensions with Russia, but it is important to ask if the attacks are directly linked to that context.”
Before anyone can be designated as responsible, the first question to ask, according to him, is that of the nature of the attack. It hit devices running a Microsoft operating system, and Microsoft hastened to update its antivirus. According to the IT giant, the malware used in the attacks “is made to look like ransomware [ransom software, editor’s note]”, but without the data backup system. It therefore aims to be “destructive and to render the targeted systems inoperable”, rather than to recover money in exchange for data that it has not stored anyway. While the Ukrainian authorities claim that they have not suffered significant damage, Microsoft nevertheless warns that these actions create “a high risk for any government agency, association or company in Ukraine”.
Once the nature of the attack has been determined, we can try to identify the culprit. However, Daniel Ventre warns against easy accusations made without proof. “Cyberattacks are happening every day, almost continuously, whether in Ukraine or elsewhere. When we are in a confrontation field, it can be simpler a priori, when a State is attacked, to point the finger at the opposing camp. But there may be other categories of attacks.”
Thus, perpetrators other than Russia are possible. It could be simple cybercriminals. “And even if they were pro-Russian actors, they could be Russian, non-Russian, Ukrainian or non-Ukrainian”. But the attribution of this kind of attack always takes time. “For example, it was only in 2020 that the US Department of Justice finally designated Russian officers as responsible for Operation NotPetya in 2017”, an attack that had hit several European companies, but also, and especially, Ukrainian and Russian ones. NATO has affirmed its upcoming cooperation with Ukraine against cyberattacks, which will probably consist of providing support in the search for the culprit.
Daniel Ventre adds that an immediate reaction is difficult, because “we are external actors. We don’t have access to raw data, and those who have access to data can also build stories without us having the possibility of contradicting them or of proposing others”. This makes assumptions even riskier, because “it is always about several accounts, several actions, several actors and several phenomena which can be implicated in parallel at several times. We can see state, internal or external criminal actions, and sometimes all at the same time.”
Finally, the researcher calls for one last precaution: “We must not forget that Ukraine is the victim of attacks, but that it also has its own criminal actors, just like in Russia or elsewhere. The landscape is very complex.”