In recent weeks, Europe seems to have traveled back in time. The Cold War, which appeared to end with the fall of the Berlin Wall, is taking up more and more space in the news, and the possibility of an armed conflict between Russia and Ukraine, one that could end up drawing in the United States and other European countries, has gone from sounding like a war-movie script to being a very real possibility.
But while all this plays out, a cyber war has been waged on the Internet for years, pitting Russian state-backed hackers against companies and institutions of the former Soviet republic. In recent months the attacks have escalated in both number and importance and, worse, as analysts at MIT explain, they could slip beyond their initial targets and end up affecting other countries and strategic facilities.
On January 15, the Microsoft Threat Intelligence Center (MSTIC) sounded the alarm, reporting that it had found evidence of a destructive malware operation directed at multiple organizations in Ukraine.
According to MSTIC, the malware is designed to look like ransomware, but it lacks the recovery mechanism that would let a victim get their data back once the supposed payment is made. In other words, its sole purpose is destruction: it is built to render the devices it infects unusable, and the ransom demand is a decoy. And although Microsoft declined to point directly at Russia as the perpetrator, the odds that this is the case are not exactly slim.
A few days later, the US Cybersecurity and Infrastructure Security Agency (CISA) urged critical infrastructure operators in the United States to take "urgent, near-term steps" against an imminent cyber threat, citing the attacks on Ukraine as the main reason to keep US defenses on alert.
The precedents: NotPetya and WannaCry
The warning from the American authorities rests on the fact that in a cyber war it is very hard to contain the consequences of an attack, and it is no surprise when an attack aimed at one party to the conflict ends up hitting countries that may or may not be involved in it.
In the case of Ukraine in particular, there are precedents that should be taken seriously. In 2017, at another moment of maximum tension between Moscow and Kiev over the fighting between the Ukrainian army and militias armed by Russia, cyber warfare played a prominent role, and that year saw two of the most damaging pieces of malware of the last decade: WannaCry in May and NotPetya in June. Only the latter was aimed at Ukraine and attributed to Russia; WannaCry has been attributed by Western governments to North Korea. Both, however, were self-propagating worms, and that is what makes them the relevant precedent.
As the world soon found out, both programs escaped their "original purpose", spread across the Internet at breakneck speed and caused billions of dollars in losses worldwide. That something like this could happen again is therefore on the radar of the main security agencies and, to some extent, worries them more than a possible armed conflict.
It is hardly a secret that Ukraine has been the target of complex Russian cyber-attacks since at least 2014. In December 2015 an attack on regional distribution companies cut power to roughly a quarter of a million customers in western Ukraine for several hours, and in December 2016 a second attack knocked out a transmission substation serving part of Kiev for about an hour. NotPetya followed in 2017 and showed the "hacker world" how far such an operation could spread; in many ways we are still living with the consequences.
WhisperGate: the malware of the moment
As noted, the new malware that bodies such as MSTIC have detected behaves like ransomware but with some differences, above all that its only purpose is to leave machines inoperable.
Known as WhisperGate, the code, according to experts, is "reminiscent" of NotPetya, even in the technical steps used to destroy the infected computer (both overwrite the disk's Master Boot Record), but there are notable differences: WhisperGate is less sophisticated and is not designed to spread on its own in the same way.
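A practitioner reading the description above will want a quick way to tell a disk whose boot record has been replaced by a fake ransom note from one that still holds a normal Master Boot Record. The script below is an added example, not code from the article, Microsoft or any vendor, and it does not match any real sample: it assumes a note-dropping wiper leaves sector 0 with a long run of printable text, no usable partition entries and often no 0x55AA boot signature, whereas a genuine MBR is mostly boot code plus a partition table. The thresholds and both sample sectors are constructed for the demonstration.

```python
"""MBR triage for a raw disk image or block device.

Added example (not code from the article, Microsoft or any vendor).
Assumptions: a genuine MBR is mostly x86 boot code plus a 4-entry partition
table and ends in the 0x55AA signature; a sector overwritten with a planted
ransom note is a long run of printable text with no usable partition entries.
"""
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
PARTITION_TABLE_OFFSET = 446
# Assumption: legitimate boot-code strings ("Missing operating system" etc.)
# are a few dozen bytes long; a planted note runs far longer.
MAX_TEXT_RUN_IN_REAL_MBR = 64


def longest_printable_run(data: bytes) -> int:
    """Length of the longest contiguous run of printable ASCII bytes."""
    best = current = 0
    for byte in data:
        if 32 <= byte < 127:
            current += 1
            best = max(best, current)
        else:
            current = 0
    return best


def parse_partition_table(sector: bytes) -> list[dict]:
    """Decode the four 16-byte MBR partition entries at offset 446."""
    entries = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * index
        status, _chs_start, ptype, _chs_end, lba_start, sector_count = struct.unpack_from(
            "<B3sB3sII", sector, offset)
        entries.append({
            "status": status,
            "type": ptype,
            "lba_start": lba_start,
            "sector_count": sector_count,
            # usable: active (0x80) or inactive (0x00), non-empty type, non-zero size
            "valid": status in (0x00, 0x80) and ptype != 0 and sector_count > 0,
        })
    return entries


def triage_mbr(sector: bytes) -> dict:
    """Return a verdict plus the reasons for it for one 512-byte sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    reasons = []
    if sector[510:512] != BOOT_SIGNATURE:
        reasons.append("missing 0x55AA boot signature")
    partitions = parse_partition_table(sector)
    if not any(p["valid"] for p in partitions):
        reasons.append("no usable partition table entries")
    text_run = longest_printable_run(sector)
    if text_run > MAX_TEXT_RUN_IN_REAL_MBR:
        reasons.append(f"printable text run of {text_run} bytes (note-like)")
    return {
        "suspicious": bool(reasons),
        "reasons": reasons,
        "partitions": [p for p in partitions if p["valid"]],
        "longest_text_run": text_run,
    }


def read_first_sector(path: str) -> bytes:
    """Read sector 0 of a raw image (e.g. a dd copy) or a block device."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# --- constructed samples, not captured from any real machine ---

def build_clean_mbr() -> bytes:
    """Well-formed MBR: a stub of boot code, one NTFS partition, signature."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c\xfb"
    boot_code += b"Missing operating system\x00"
    boot_code = boot_code.ljust(PARTITION_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                        2048, 1_000_000)
    table = entry + b"\x00" * 48
    return boot_code + table + BOOT_SIGNATURE


def build_wiped_mbr() -> bytes:
    """Sector 0 after a note-dropping wiper: invented note text, nothing else."""
    note = (b"Your disk has been encrypted. Send payment to the address below "
            b"and contact us for the recovery tool. Do not power off the machine.")
    return note.ljust(SECTOR_SIZE, b"\x00")


if __name__ == "__main__":
    for name, sector in (("clean", build_clean_mbr()), ("wiped", build_wiped_mbr())):
        verdict = triage_mbr(sector)
        print(name, "SUSPICIOUS" if verdict["suspicious"] else "ok", verdict["reasons"])
```

On a real case you would call `triage_mbr(read_first_sector("/path/to/image.dd"))` against a forensic copy, never the live disk. The check is deliberately conservative: a GPT disk still carries a protective MBR with a valid 0xEE entry and a signature, so it will not be flagged, while a sector that fails all three tests is worth pulling into the timeline immediately.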
On that point it is worth remembering that NotPetya left port terminals inoperable and paralyzed the work of large multinationals and government agencies. Many companies doing business with Ukraine were hit, because the attackers seeded the malware through a compromised update of tax-accounting software widely used in the country.
This time the attacks appear to be much more targeted at specific critical infrastructure, and it is not clear whether WhisperGate could escape the control of the Russian groups now using it, intentionally or otherwise. In any case, and as the MIT analysts also point out, in the coming weeks we are likely to see a high level of cyber activity from the Russian military intelligence agency, the GRU. Sandworm, one of its best-known hacker groups, is credited with, among other things, interference in the 2017 French and 2016 American elections and the attack on the opening ceremony of the 2018 Winter Olympics in Pyeongchang.
The key question, however, is whether Russia intends for now to "limit itself" to attacks on its neighbor or whether, in a calculation that can only be guessed at, it might attack other countries if the situation deteriorates.
Russia has shown repeatedly that, when it comes to cyber warfare, it has a wide and varied toolkit. Sometimes it settles for something as simple but effective as a disinformation campaign designed to destabilize or divide its adversaries. But it is also capable of developing and deploying some of the most complex and aggressive cyber operations imaginable.