Ukraine and US targeted by cybersecurity attacks in run-up to Russian invasion

Illustration by Alex Castro / The Verge

There are new reports of hacking campaigns linked to Russia's war in Ukraine, with the stories showing more light on the issue of cyberwarfare. Many experts predicted that Russia would launch cyber attacks in Ukraine, shutting down the country's electrical grid. Smaller operations are beginning to emerge, even though large-scale operations have not materialized.

On Monday, the company said it had found widespread attacks on Ukrainian officials and the Polish military. As Western sanctions bite down on Russian energy exports, Resecurity Inc shared evidence of a coordinated hacking campaign targeting US firms that supply natural gas. Attacks could be linked to groups associated with Russia.

UkrNet, a Ukrainian media company, as well as the Polish and Ukrainian government and military organizations, were targeted by the attacks. The latter group was responsible for the 2016 Democratic email hacks.

Over the past two weeks, TAG has observed activity from a range of threat actors that we regularly monitor and are well-known to law enforcement, including FancyBear and Ghostwriter. We are sharing this information to raise awareness among the security community and high risk users.

More than 100 computers belonging to employees and former employees were penetrated by the campaign. Resecurity described the work as pre-positioning hacking machines to prepare for a larger operation.

Two weeks before the invasion of Ukraine, the attacks began and securing a foothold in US gas suppliers would offer plenty of opportunities for leverage. As European nations have sought to wean themselves off Russian natural gas as part of a range of economic sanctions, energy firms in the United States have stepped up their supply.

The CEO of Resecurity thinks the attack was carried out by state-sponsored hackers, but he doesn't know who that is. One of the hackers involved had ties to attacks carried out by Fancy Bear.