Russia’s invasion of Ukraine has taken place both on and offline, blending physical devastation with escalating digital warfare. Ransomware gangs and other hacking groups have taken to social media to announce where their allegiances lie.
The Record will be tracking who these groups align with, as well as any attacks they launch related to the conflict.
Many of the pronouncements from these groups include threats against critical government infrastructure. Some collectives are state-sponsored while others are decentralized — but all are able to take down computer systems and breach organizations.
“It is now an inevitable part of any military action that so-called ‘Cyber Patriots’ will engage the perceived enemy either of their own free will or at the direction of their government. Some of these activities, such as Anonymous launching DDoS attacks, will be nothing more than minor nuisances but others could have real consequences,” said Allan Liska, a ransomware expert at Recorded Future. “Ransomware groups, for example, have more targets than they can go after right now and may decide to focus on attacking the enemies of their country to create real disruption. And the more skilled groups can have an even greater impact.”
Liska warned that Sandworm and UNC1151 are the most concerning in terms of their capabilities and activity, and should be closely monitored.
United with Ukraine and “officially in a cyber war against the Russian government.” The group later tweeted that they targeted Russian-state controlled international television network RT, and “has taken down the website of the #Russian propaganda station RT News.” Anonymous is said to be a decentralized hacktivist group that targets different government institutions and government agencies, corporations, and the Church of Scientology.