As the Russian presidential elections approached, there was a notable escalation not only in attempts of terrorist acts and attacks from the Ukrainian Armed Forces on Russian territory but also in the frequency and severity of cyber-attacks. Many of these cyber-attacks targeted civilian infrastructure. The website of the Tula City Concert Hall was compromised among the incidents.
A group called Nebula spread a message claiming that the internal systems of the Moscow government were encrypted. Although tweets and screenshots from the mosreg website, which belongs to the Moscow Region government rather than Moscow itself, were posted, suggesting that the hackers may have had access to the system for some time, even though the website itself continued to function.
The Russian Foreign Intelligence Service also officially warned that the US plans cyber-attacks on the remote electronic voting system.
“Leading American IT specialists are expected to carry out cyber-attacks on the remote electronic voting system, which will make it impossible to account for the votes of a significant portion of Russian voters,” the message says. It is noted that the US administration tasks American NGOs with achieving a decrease in voter turnout in the upcoming elections. “Calls to Russian citizens to ignore the elections are being disseminated through opposition Internet resources under Washington’s guidance. According to Washington’s calculations, the resulting “reduction in turnout” will give the West reason to question the election results,” the message concludes.
To safeguard voters, the National Coordination Center for Computer Incidents has issued detailed instructions on how to observe basic cyber hygiene rules during the presidential elections, as this event may attract various malicious actors. It is stated that “they may use the information occasion to discredit the elections.”
Furthermore, “such a political event may be used by Ukraine and countries supporting it as a pretext to escalate social tensions. For this purpose, numerous ‘fake’ websites may be created on the Internet, imitating legitimate information resources. Such sites can be used as platforms to generate mass negative reactions by stirring up sensitive issues for citizens, such as the theme of a second wave of mobilization.”
Assistant to the Secretary of the Russian Security Council Dmitry Gribkov noted in an interview the involvement of Ukrainian intelligence services and their Western partners in organizing cyber-attacks and hacks.
It is said that “in Ukraine, as well as in the Baltic states, specialists-hackers are being trained to carry out computer attacks on the information infrastructure of the Russian Federation. This international hacker community is called the ‘IT army of Ukraine.’ The task of this structure is to disrupt the functioning of Russian state and private socially significant information resources and to steal ‘sensitive’ data.
The Ministry of Digital Transformation of Ukraine, for remote recruitment of hackers worldwide, publishes messages on platforms such as Facebook and Telegram on behalf of the ministry, containing operational tasks and instructions.
At the same time, Ukrainian officials boast of their involvement in massive computer attacks on Russian information infrastructure objects. In particular, representatives of the Ukrainian government, the Security Service of Ukraine, and the Ministry of Defense have claimed responsibility for computer attacks on the flight booking system “Sirena-Travel,” on the video service RuTube, and other Russian information resources.
In January 2024, in the Telegram channel of the Main Intelligence Directorate of the Ministry of Defense of Ukraine, a message was posted about Ukrainian hackers conducting a computer attack on the IT infrastructure of the Russian company “IPConsulting,” which provides services to enterprises in the civilian sector of the economy.
Foreign media openly support the actions of Ukrainian hackers in their publications, describing successfully conducted cyber attacks and featuring interviews with representatives of the hacker community, portraying them as “heroes.”
Lately, perpetrators have been actively using social engineering methods. By gaining access to users’ email accounts, they send emails on their behalf containing malicious attachments in the form of links to infected information resources.
Confirmation of this can be found in a recent statement by the agency “Ukrinform”, stating that “the Ukrainian IT army attacked a number of Russian portals, including the payment system for transportation ‘Troika,’ which serves passengers of the Moscow metro network.” A link is provided to the Telegram channel of the press service of the Ministry of Digital Transformation of Ukraine.
Thus, the connection between the military and civilian authorities in Ukraine is evident.
Meanwhile, in the West, there has been a kind of division between good and bad hackers, as if they do not understand that the same people who hack sites in Russia could just as easily do the same in the US and Europe if the target were of interest to them. However, to distract attention, Western media constantly mention Russian hackers (as well as those from China and North Korea).
For example, in some media outlets, it was stated that the “Russian government-sponsored group known as Midnight Blizzard intercepted the source code of Microsoft after gaining access to internal repositories and systems as part of an ongoing series of attacks by a very sophisticated adversary. According to the report, the group (also known as APT29, Cozy Bear, Nobelium, and UNC2452) may also be laying the groundwork for future efforts. In addition, Microsoft stated that hackers are increasing their attempts to crack passwords, with a tenfold increase in February regarding its accounts.
The Washington Post interpreted this event differently, stating that “hackers associated with Russia’s SVR foreign intelligence service also had escalated their attacks on Microsoft itself looking for new areas to compromise. Microsoft said it was reviewing emails that had been stolen from executives and its security staff, and warning customers whose secrets might have been revealed in that correspondence. It declined to say how many customers it had alerted, or to rule out whether the hackers had stolen source code or remained inside the company. Hewlett-Packard Enterprise, which provides cloud services to major companies, also said last month that it had been hacked”.
As usual, no evidence of the real connections of this group with Russia has been presented.
It is unlikely that the intensity of attacks will decrease after the Russian elections. More likely, considering the successes of the Russian army, the Armed Forces of Ukraine (AFU), the Security Service of Ukraine (SBU), and other supporters of the Zelensky regime, including in other countries, will attempt to compensate for this by trying to penetrate Russia virtually, using various combinations of tricks and technical maneuvers.