Cyberattacks have become a prevalent tool in modern warfare. Frequently, cyber operations serve as the initial phase of full-scale military interventions, fueling crises and chaos and orchestrating artificial mass anti-government movements. By eroding trust in governmental agencies, they can exert political pressure on the government.
The effectiveness of cyber operations in modern military endeavors, and the potential for effective countermeasures against them, is a question addressed by Valerii Tsiupa, President of the International Cyber Academy.
It starts in Tallinn
The landmark cyber operation conducted by Russia against Estonia in 2007, in response to the relocation of the Bronze Soldier monument in Tallinn, holds historical significance. During this event, adversaries successfully disrupted the websites of the Estonian parliament, ministries, and banks, and inundated major news outlets with spam comments via botnets.
Among the arsenal of tactics deployed were methods like DDoS attacks, along with defacement—altering content on the websites of government agencies and political parties. It's noteworthy that defacement attacks targeted Ukrainian government web portals in January 2022.
While the cyberattacks against Estonia didn't escalate into physical confrontation, they served as a stark reminder of the potential for military operations in cyberspace.
Sometimes, these operations coincide with artificially instigated acts of civil disobedience involving specially trained groups of "protesting citizens," with the primary aim of creating controlled chaos.
The aftermath of this case led to the development of the "Tallinn Manual on the International Law Applicable to Cyber Warfare" and the establishment of the NATO Cooperative Cyber Defence Centre of Excellence. These entities assist in defending the cyber front of partner states against both "isolated" cyberattacks and comprehensive operations with physical manifestations. Let's delve further into such operations.
Russian invasion of Georgia
The Russian invasion of Georgia on August 8, 2008, saw concurrent cyberattacks aimed at disrupting government websites and independent media outlets. According to U.S. Army officer Sirius Bontea's monograph "The Cyber Threat to Military Just-in-Time Logistics: Risk Mitigation and the Return to Forward Basing," Russia initiated cyberattacks on Georgian websites three weeks before the military invasion. These attacks were synchronized with infantry deployments, armored vehicles, bombings, and a naval blockade.
Cyberattacks on the websites of independent Georgian media outlets hindered Georgia's ability to disseminate truthful information about the Russian invasion, thereby becoming one of the four key attack vectors utilized by Russia.
Israeli hackers against Syrian air defense
In 2007, Israeli hackers executed Operation Orchard in Syria, successfully disabling the Syrian air defense radar in Tel Abiad and enabling a swift airstrike. The operation, whose success was attributed to the cyber capabilities of Israeli hackers, resulted in the destruction of a nuclear facility in northern Syria.
Dr. Matthias Schulz, Deputy Head of the Research Division at the German Institute for International and Security Affairs (SWP), cited this operation as an example of the consistent use of cyber capabilities to deliver an effective initial strike.
Modern warfare also includes examples of "defensive" cyber operations, where cyber specialists' actions hinder physical attacks on a country or weaken the aggressor. The United States utilized cyber jamming in 2012, under President George Bush's direction, to hack North Korean missile launch programs, thereby thwarting North Korea's missile tests.
It remains uncertain whether American experts specifically disrupted these tests or if it was a bluff. Nonetheless, it undermined North Korea's confidence in its ability to launch ballistic missiles.
A similar cyber operation was conducted in 2019, at the behest of then-President Donald Trump, to neutralize Iranian computer systems controlling missile installations.
Ukraine-Russia cyber warfare
The ongoing war between Russia and Ukraine has witnessed intensified cyber warfare since 2014. In March 2014, Russian hackers disrupted Ukrainian government systems using cyber weapons dubbed "Snake." In May of the same year, Russian cyberattacks aimed to disrupt Ukraine's presidential elections, attempting to alter voting results and delay result announcements.
In 2017, the NotPetya malware attacked numerous companies and institutions worldwide. In Ukraine, data on 10% of all personal computers was encrypted and destroyed, and international companies also suffered significant losses. For example, Maersk, a logistics operator, incurred losses of around $300 million.
This malicious software affected several banking institutions, energy companies, media holding websites, and the logistics company "Nova Poshta" in Ukraine, demonstrating that military cyber operations aren't exclusively aimed at government resources. Instead, they may target private companies, effectively paralyzing entire sectors of the economy. The targets extend beyond government agencies and critical infrastructure to include private industrial companies, the financial and banking sector, telecommunications, and other industries.
January 14, 2022: A New Phase in Cyber Warfare
On January 14, 2022, just a month before Russia's full-scale military invasion of Ukraine, a series of cyberattacks was unleashed on Ukrainian websites. These attacks involved posting content in Ukrainian, Russian, and poorly constructed Polish, which condemned the actions of the Organization of Ukrainian Nationalists and the Ukrainian Insurgent Army. According to an official announcement, 22 government websites were affected, with an additional 70 being taken offline under the directive of the State Service for Special Communication and Information Protection of Ukraine and the Security Service of Ukraine.
A fresh wave of attacks commenced on February 15, 2022, targeting services provided by PrivatBank and Oschadbank, along with websites belonging to the Ministry of Defense and the Armed Forces of Ukraine. Subsequently, both the frequency and diversity of attack methods escalated. By March 16, over 3000 DDoS attacks had been documented, alongside widespread phishing campaigns and the dissemination of malicious software, including CaddyWiper.
Insights from Microsoft Experts
Microsoft released findings from a new study examining the correlation between cyberattacks and Russian military operations in Ukraine. Experts noted that Russia had been plotting a full-scale invasion as early as 2021. During this time, Russian security services focused their efforts in Ukraine on monitoring organizations that could provide intelligence on Ukrainian military activities, humanitarian aid efforts, and other pertinent information.
The Microsoft report also highlighted attacks occurring on February 23, 2022, just prior to Russia's full-scale invasion. According to experts, this activity aimed to destroy, disrupt, or infiltrate the networks of government institutions and critical infrastructure, some of which were also targeted by Russian ground and missile strikes.
Russia also leveraged cyberattacks to coordinate missile strikes. On March 1, 2022, a massive cyberattack was launched against a Ukrainian television and radio broadcaster, coinciding with a missile strike on a television tower in Kyiv carried out by Russian military forces.
Over 40% of the destructive attacks targeted organizations within critical infrastructure sectors, posing significant risks to government functionality, military readiness, the economy, and civilian safety. Thirty-two percent of these destructive incidents affected Ukrainian government organizations at national, regional, and municipal levels.
As evidenced, large-scale cyberattacks not only jeopardize the security of government agencies but also pose threats to civilian lives. Frequently, cyberattacks serve as integral components of broader military operations culminating in country invasions and/or terrorist activities.
Therefore, prioritizing the security of digital infrastructure is paramount, considering its interconnectedness with physical space, devices, and data—both personal and corporate, particularly for businesses offering products or services to government entities.
It's imperative to recognize that cyber threats will continue to evolve and may target smaller entities connected to government organizations, critical infrastructure, financial institutions, telecommunications, healthcare, and municipal services. The emergence of state-sponsored cybercrime as a component of military operations underscores the urgent need for coordinated efforts at intergovernmental, public-private, and community levels to combat these threats effectively.