Preparing for Armageddon: How Ukraine battles Russian hackers

For years, a small and disparate Ukrainian team including IT experts, intelligence officers, and a criminal prosecutor has kept a wary eye on a group of hackers nicknamed Armageddon.

The Security Service of Ukraine was powerless to stop the hackers because they were based in Crimea, which was seized by the Russian government.

The Ukrainian team watched Armageddon from afar. It quietly studied the hacking group's cyber weapons, intercepted phone calls, and outed its purported leaders.

Armageddon is one of the most prolific hacking groups to have attacked Ukraine. In thousands of attempts, it has unleashed more effective software, hidden within cleverly engineered emails, to spy on Ukrainian government bodies.

Following Russia's invasion on February 24, its latest attacks have been parried thanks to Ukraine's deep knowledge of Armageddon.

What is the best time to study your enemy? A Western official who asked not to be named said that this was especially true when you have no choice but to react.

According to Western and Ukrainian officials, as well as cyber security experts, the long-running tracking and tackling of Armageddon is just one example of a persistent defense that has enabled Ukraine to fend off an astounding number of cyber attacks in recent weeks.

The country has the same resilience online as it does on the ground. This strength comes from years of preparing for, and sometimes recovering from, sophisticated Russian cyber attacks, including one that knocked out the power supply to some Kyiv suburbs in 2015.

The first teams of American soldiers were sent to help bolster Ukrainian cyber defenses after retired US Navy admiral Michael Rogers ran US Cyber Command and was the former head of the National Security Agency. The missions allowed the Americans to look at Russian tradecraft, look at Russian malware, and look at the details of how Russian cyber entities operate.

The preparation paid off earlier this month. Western cyber security companies assisted the Ukrainian officials in discovering high-grade software from a hacking group called Sandworm, which was found inside computers at a power station serving millions.