Global Experts Form Cyber Rapid Response Team (CRRT) to Defend Ukraine From Cyber Attacks

On Wednesday, the websites of several Ukrainian banks and government departments became inaccessible following a wave of DDoS (Distributed Denial of Service) attacks. A DDoS attack involves multiple coordinated online devices which are used to overwhelm their target website with fake traffic, rendering it as inoperable.

Parallel to these DDoS attacks, is what experts are calling a sophisticated “wiper” attack, used to destroy the data on the machines that the malware has infected and is being targeted at Ukrainian organizations. On Wednesday night, cyber-security experts from ESET and Symantec reported the new “wiper” malware, with a spokeswoman stating that, “"ESET telemetry shows that the malware was installed on hundreds of machines in the country."

This attack is believed to have been premeditated, as the malware appears to have been created in December 2021.

A build up of cyber-attacks prior to invasion

This spike of attacks prior to the Russian invasion of Ukraine appears to mirror a more intense version of attacks on the nation that happened in January. 

On January 14th the websites of several government departments, including the ministry of foreign affairs and the education ministry, had again been rendered inaccessible. 

According to reports from The Guardian , the hackers left a warning on the foreign ministry website that said, “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.” The message showed the Ukranian flag and map crossed out and a reference to “historical land,” which appears to be a continuation of Putin’s denial of Ukraine’s sovereignty.

At the same time as this onset of cyber attacks, over 100,000 Russian troops massed at Ukraine’s border. At this time, Russia denied any intention to invade, with Russia’s defence ministry spokesman Igor Konashenkov stating that, "A number of combat training exercises, including drills, have been conducted as planned," and that these exercises were due to end on February 20th.

In contrast to Russia’s defence ministry’s initial statement, the Russian military has now begun their invasion of Ukraine at 5am (3am GMT) yesterday morning.

Ukrainian response

In response to the Ukraine-targeted cyber attacks, a cyber rapid response team (CRRT) has been formed, made up of 12 experts from Lithuania, Croatia, Poland, Estonia, Romania, and the Netherlands. 

The Lithuanian Ministry of Defence tweeted , "We can see that cyber-measures are an important part of Russia's hybrid toolkit. A cyber rapid-response team (CRRT) is being activated after a request from Ukraine. Team of experts from [these countries] has committed to help defend [Ukraine] from cyber-attacks.”

These cyber attacks do not appear to be limited to Ukraine, as reports of Russian-originating cyber attacks are happening at a global scale. Recent examples include the Swissport cyber attack on February 3rd, causing hugely disruptive flight delays, and an attack on two German Oil companies on January 29th, rendering many fuel stations across Germany temporarily out of use.

The National Cyber Security Centre, which is part of the UK’s intelligence service GCHQ, released a statement, “Following Russia’s further violation of Ukraine’s territorial integrity, the National Cyber Security Centre has called on organisations in the UK to bolster their online defences.”

To learn more about how you can protect your organisation, get started today with a free cybersecurity consultation, where we can discuss the best cybersecurity solutions to protect your business. Book your consultation here.