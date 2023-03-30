



R US cyber attack last year was fast, furious and powerless. In it, hackers carry out perhaps the biggest attack ever on computer networks. Ukraine, well prepared and supported by foreign technology companies and allies, weathered many of these strikes, keeping communications and important government services online against all odds. But cyber warfare, like physical warfare, is evolving. Russian cyber forces, portrayed as formidable, have actually adapted to the circumstances, argues Dan Black, who served in niton cyber threat analysis branch until December and now works for Mandiant, a cyber security firm within Google. During its offensive in eastern Ukraine between April and July, Russia expanded its cyber operations into Poland and Eastern Europe to gather intelligence on arms shipments to Ukraine. of Grew the Russian military intelligence agency, began using more malware from criminal markets to add more fancy home-made tools. In a letter to Additional IISS Black says Russian forces showed signs of a more prepared and revived cyber program from October, during Ukraine’s offensives in the south and east. This included increased cyber attacks against energy, water and logistics targets, alongside drone and missile attacks on Ukraine’s power grid. This pointed to a coordinated strategy to increase pressure between domains, he argues. A report released by Ukraine’s main cyber security agency on March 8 showed that critical and severe cyber incidents, the two most serious types, jumped in December, reaching the highest level since the first week of the war. That pressure is still mounting. On March 15, Microsoft Threat Intelligence, which monitors Ukrainian networks, warned that Grew was preparing for a renewed destructive campaign, including reconnaissance against important targets. His deployment of data-destroying malware was reminiscent of the early days of the invasion. Between January and mid-February, hackers working for all three of Russia’s main intelligence services attempted to penetrate government and military targets in 17 European countries, paving the way for either espionage or disruption, access to a network allows for both. Russian cyber doctrine also prioritizes information warfare. In November, a website began publishing private messages from two senior officials in Moldova, a classic hacking and leaking operation similar to that Grew conducted before the 2016 US presidential election. On March 10, the White House publicly accused Russia of trying to foment a coup in Moldova. Recent Russian propaganda has also spread false claims that Ukrainian refugees abroad were being extradited and recruited into the Ukrainian military. The Russian military is growing weary of crude and costly ground attacks across eastern Ukraine. There is little offensive potential left. But it is easier to carry out cyber attacks than to raise new battalions. Some sophisticated operations are just now coming to light: Microsoft recently revealed that Russia had used a zero-day vulnerability that was previously unknown and thus impossible to patch for over a year, until it was discovered in mid March. The vulnerability was used not only against Ukraine, but also against government, military, energy and logistics sectors in Poland, Romania and Turkey. Energy security and European logistics are on the mat, warns Mr. Black, and these priorities are not fading. Ukraine needs continued cyber assistance as much as a steady supply of shells. On February 22, Dutch spy agencies warned that Ukraine’s steadfast defense could probably only be maintained as long as Western support remains as intense and adaptive as the cyber operations of Russian intelligence services. Mr. Black agrees. The reality is that the war is not over, he writes. The interplay between offense and defense may yet change as Russia continues to learn from its early shortcomings.

