As Russia poured troops into Ukraine, the besieged country’s government was already thinking about a different way to strike back.
On February 26, Minister of Digital Transformation Mykhailo Fedorov launched the “IT Army of Ukraine”—an unprecedented invitation to the world’s hackers to go on the offensive against Russia for his country. The IT Army is the most highly visible force in what’s become a byzantine cyber conflict marked by a chaotic mix of players, impossible-to-verify claims of sabotage, and a scant number of visible hacks.
In fact, hacking has remained mostly on the margins in the first week of the war. Instead, Ukraine’s IT Army and all the other groups now declaring their intent to launch such cyberattacks have all played into a roiling propaganda war touching not just Ukraine and Russia but the entire world.
Ukraine’s strategy of seeking out an international brigade of hackers makes sense for a country under siege, experts say. Would-be participants are directed to a Telegram channel where objectives are laid out clearly in a series of messages. Targets for hacking and DDoS attacks are listed next to manifestos outlining how to wage information war on behalf of Kyiv. The list of targets includes government and financial institutions, meaning that Russia’s critical infrastructure is in the crosshairs. Over 270,000 people have subscribed to the channel so far.
Numerous ransomware gangs have also declared their intentions in the conflict. But again, although the messages instantly made headlines, none of the groups have carried out any visible, verifiable attacks. Though hacktivist collectives like Anonymous have been vocal about their own involvement, including claims to have breached Russian government databases, multiple such claims have been quickly debunked. But the grandiose proclamations and misinformation have successfully spread like wildfire. Frauds, liars, and grifters are adding to the chaos of the war.
The confusion extends to groups organized by prominent figures and even governments. The Belarusian Cyber Partisans, an anti-regime hacking group with a track record of real activity inside its own country, claims to be a part of a hybrid cyber-physical effort to sabotage railroads transporting troops. That’s been impossible to verify.
A Ukrainian cyber resistance group, organized by officials from Ukraine’s defense ministry, says it is targeting railroads and power grids inside Russia. It’s a bold claim not backed by any proof. Experts believe that only a few nations possess the capability to interfere with power grids by cyberattack.
Ghostwriter, a hacking group linked to Russia and Belarus, has been seen targeting Ukrainian politicians and military personnel—but the group has so far failed to achieve any meaningful success. An unknown hacking group used destructive wiper malware against Ukrainian government targets just hours before the invasion, according to Jean-Ian Boutin, head of ESET Threat Research, but the actual impact there remains unclear as well.
Kaspersky, Russia’s biggest cybersecurity firm, declined an interview request to discuss what its experts are seeing inside Russia. But something is happening: Russian foreign ministry spokeswoman Maria Zakharova told Russian media this week that the country is under attack by “cyber terrorists from Ukraine.”
“We’ve never seen all these different players coming out like this before,” says Adam Meyers, senior vice president at the US cybersecurity firm CrowdStrike.
But when millions of people in city centers are under heavy artillery bombardment, what’s the real value of leaked databases and crippled websites? And how much of an impact has this international “army” really had? It’s hard to tell. When the IT Army sends out an IP address, the target does often go down—usually sooner rather than later. Many Russian sites now work only within Russia itself because they deny all connections from abroad, a defense against international attack without historical precedent on this scale.
But denial-of-service attacks are technically simple, easily reversible, and far less destructive than Russian missiles striking city centers and Ukrainian Molotov cocktails being thrown to repel the invading army.
All of this plays into the information war happening in both countries and around the world. Russia’s attacks against Ukrainian government and financial institutions in the days before the invasion seemed designed to undermine confidence in Kyiv’s leadership. Likewise, the Ukrainian government’s attempts to take down Russian government sites and launch its own messages inside Russia amount to Kyiv’s brand of information warfare. Ukrainian resistance on the ground and on the cyber front is bolstered by support from the West, a crucial lifeline when the country’s capital is almost entirely surrounded.
“Cyber is a tool leveraged in warfare and spycraft,” Meyers says. “There is an open armed conflict happening. This is no different than Ukraine asking people to come to the country to get a Kalashnikov and help fight the Russians on the ground.”
But the picture looks a bit different when you’re in Washington or London. For years Western governments have condemned cyberattacks from Russian soil. What happens now that Ukraine is openly appealing to hackers for help?
“Despite the United States government saying ‘We’re not allowing hacktivists to use American routers to do DDoS attacks on your state propaganda sites,’ Russia is probably not going to believe that,” says Michael E. van Landingham, a former Russia analyst at the CIA. “Russia uses cyber tools as an extension of state power. And Russian leaders mirror-image a lot. I think they’ll perceive attacks from Anonymous or any Western collective as attacks that Western governments promote.”
Much of what the IT Army of Ukraine is promoting is clearly a crime in the United States and every Western country. But the situation raises more than legal questions; it also forces new moral and geopolitical questions to the forefront.
“Governments in the West should strictly enforce laws against hacking against anyone who would attempt to deface or DDoS Russian sites or do anything [illegal] in the cyber realm,” says van Landingham. “That’s the only signaling we have to show it wasn’t a CIA plot, it wasn’t a Cyber Command attack—here’s the person, and here’s what we’re doing about it.”
Despite the chaotic environment, the seeming lack of verifiable major cyber operations coinciding with Russia’s invasion of Ukraine is one of the big unknowns looming over the entire war. Russia has launched devastating cyberattacks on Ukraine in recent years but so far has stuck with traditional warfare since its invasion. The question is whether it may still turn to cyber in the coming weeks and months as the war drags on.