Flag of Ukraine on a computer binary codes falling from the top and fading away.

A group of Americans fanned out across Ukraine looking for a specific kind of threat months before the Russian invasion.

The US Army has a Cyber Command. The kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years was something that some employees of American companies help defend against.

The US had been helping Ukraine bolster its cyber defenses for years, ever since an attack on its power grid left part of Kyiv without electricity for hours.

The surge of US personnel in October and November was preparation for war. People familiar with the operation said that there was an urgent need to find hidden software which Russia could have planted, then left dormant in order to launch a devastating cyber attack alongside a more conventional ground invasion.

Experts warn that Russia may yet unleash a devastating online attack on Ukrainian infrastructure that has been expected by western officials. The past two months of targeted bolstering may explain why Ukrainian networks have held up so far.

Billions of dollars of lethal weapons have poured into Ukraine to fight and kill Russian soldiers, but officials in the US and Ukraine are careful to describe the work of the cybermission teams as defensive.

Victor Zhora, a senior Ukrainian government official, said that Russian attacks have been blunted by the Ukrainian government.

At Ukrainian Railways, a team of American soldiers and civilians found and cleaned up a particular type of malicious software called "wiperware", which cyber security experts describe as "disabling entire computer networks simply by deletion of crucial files on command."

In the first 10 days of the Russian invasion, more than one million Ukrainians escaped to safety on the rail network. The Ukrainian official said that if the software had remained undiscovered, it could have been catastrophic.

Hundreds of thousands of Ukrainian women and children tried to leave the country last week, as computers at the crossing to Romania were disabled, adding to the chaos, according to people familiar with the matter.

With a much smaller budget, these teams had to lay the groundwork with private groups that provide the backbone for most of the infrastructure that Russian hackers, either government-affiliated or not, were expected to attack.

The Ukrainian national police, along with other Ukrainian government arms, were facing a massive onslaught of distributed denial-of-service attacks.

The Americans contacted a Californian cyber security group that sells a virtual machine to counter such an attack.

The US Department of Commerce gave clearance within 15 minutes after funding was approved. A person familiar with the rapid-fire operation said that a team of engineers had installed the software onto the Ukrainian police server within eight hours of the request.

Major US and European companies have been forced to devote resources to defending Ukrainian networks because of the onslaughts targeting commercially available software.

Microsoft has a Threat Intelligence Center that has been running for months and has been thrust in between Russian and Ukrainian systems.

On February 24, a few hours before Russian tanks started rolling into Ukraine, Microsoft engineers detected and reverse-engineered a newly activated piece of malware, Microsoft’s president Brad Smith has said in a blog post.

Within three hours, the company issued a software update to protect against the threat and warned the Ukrainian government about the attacks. A person familiar with the late-night decision said Microsoft immediately extended the warning to neighboring Nato countries.

Smith wrote that Microsoft and other software makers needed to remain vigilant against what happened in 2017, when a malicious software program attributed to Russia spread beyond the borders of the Ukrainian cyber arena.

Experts who have watched the Russian cyber assaults have been confused by their lack of success, as well as by their lower intensity and sophistication than what Russian-government hackers are capable of.

One European official who was briefed this week by the Americans at a Nato meeting said that Russian offenses have proved mediocre. He said that Russia has held back its elite corps in the cyber arena because it has underestimated the Ukrainians.

Russian commanders are sometimes piggybacking on Ukrainian cell phone networks to communicate, at times simply by using their Russian cell phones.

The Ukrainians love it because there is so much data in watching these phones.

Russian phones are blocked by the Ukrainians at key moments, further jamming their communications. It is quite puzzling.

The Financial Times is a division of The Financial Times. All rights are not to be redistributed, copied or modified.