The knock-on effects for the rest of the world may not be limited to deliberate reprisals by Russian agents. Unlike old-fashioned warfare, cyber warfare is not limited by borders and can get out of control more easily.
Ukraine has been the victim of aggressive Russian cyber operations over the past decade and has suffered from invasions and military interventions from Moscow since 2014. In 2015 and 2016, Russian hackers attacked Ukraine’s power grid and turned off the lights in the capital, Kiev — unprecedented acts not performed anywhere else before or since.
The 2017 NotPetya cyberattack, again ordered by Moscow, first targeted Ukrainian private companies before spilling over and destroying systems around the world.
NotPetya masqueraded as ransomware, but was actually a purely destructive and highly viral piece of code. The destructive malware seen in Ukraine last week, now known as WhisperGate, also pretended to be ransomware while aiming to destroy key data that renders machines inoperable. Experts say WhisperGate is “reminiscent” of NotPetya, right down to the technical processes that achieve destruction, but that there are notable differences. For one thing, WhisperGate is less sophisticated and not designed to spread quickly in the same way. Russia has denied involvement and there are no clear links to Moscow.
NotPetya has disabled shipping ports and disabled several giant multinationals and government agencies. Almost everyone who did business with Ukraine was affected because the Russians secretly poisoned software used by everyone who pays taxes or does business in the country.
The White House said the attack caused more than $10 billion in global damage and called it “the most destructive and costly cyberattack in history.”
Since 2017, there has been debate as to whether the international casualties were simply unintended collateral damage or whether the attack was aimed at companies doing business with Russia’s enemies. Of course it can happen again.
Accident or not, Hultquist expects we’ll see cyber operations by the Russian military intelligence agency GRU, the organization behind many of the most aggressive hacks of all time, both inside and outside of Ukraine. The GRU’s most notorious hacking group, dubbed the Sandworm by pundits, is responsible for a long list of biggest hits, including the 2015 Ukrainian power grid hack, the 2017 NotPetya hacks, the US and French election meddling, and the hack in the wake of the Olympic Games opening ceremony of a Russian doping controversy that banned the country from the Games.
Hultquist is also keeping an eye out for another group known in the technical community as the Berserk Bear, descended from the Russian FSB intelligence agency. In 2020, US officials warned of the threat the group poses to government networks. The federal government said the same group had reached “long-standing compromises” with companies when they targeted the energy, water and power sectors.