The Cyberwire reported: "Victor Zhora, deputy chairman and chief digital transformation officer at Ukraine's State Service of Special Communication and Information Protection (SSSCIP) --effectively Kyiv's cybersecurity lead-- said at Black Hat that Russian cyber ops would continue long after the end of kinetic combat.
"Russia will continue to be dangerous in cyberspace for quite a long period, at least until a complete change of the political system and change of power in Russia, converting them from an aggressor to a country which should pay back for all they've done in Ukraine and also in other countries," the Register quoted him as saying.
Zhora divides Russian cyber operations into five phases:
- Preparation. This began on January 14th, 2022, with WhisperGate wiper malware deployed against IT infrastructure and culminating in denial-of-service attacks that included, by Zhora's reckoning, the cyberattack against Viasat services. The influence campaign of this phase sought to induce fear, to get Ukrainians to "expect the worst."
- Disruption. This phase, beginning in late February and continuing through the end of March 2022, was marked by wiper and distributed denial-of-service attacks.
- Targeted attacks against infrastructure. This third phase, beginning in April 2022, saw a lower cyber optempo, but more sophisticated, more targeted attacks against infrastructure, including but not limited to the power grid.
- Cyber attacks coordinated with kinetic strikes. The second half of 2022 was marked by cyberattacks that sought to hit critical infrastructure (especially water and power) while it was stressed by missile strikes. It culminated just before the new year.
- Cyberespionage. The war is currently in this phase, marked by a shift away from destructive attempts and toward collection and cyberespionage.
All five phases have seen influence operations conducted in Russia's interest.
