The United States and the United Kingdom accuse Russia of being behind the cyber denial of service (DDoS) attack that hit two banks and the Ukrainian Ministry of Defense on February 15, 16. Given the explosive context between the two countries, the Kremlin was already the number one suspect, technical elements would confirm this.
Attributing a cyberattack is not a trivial diplomatic act
The British Foreign Office has published a communicated on February 18 to report that “ Analysis of technical information shows that the GRU [le renseignement militaire russe] was almost certainly involved in the disruptive DDoS attacks “.
Russian hackers targeted US companies with secret-defense clearance
In parallel, CBS News relayed the statement of Anne Neuberger, US Deputy National Security Advisor, indicating that the GRU ” was seen transmitting large volumes of communication to IP addresses and domains based in Ukraine “.
The British insisted on the meaning to be given to their approach, “ The decision to publicly attribute this incident underscores that the UK and its allies will not tolerate malicious cyber activity. “. Deciding to point the finger at a state is a far from trivial political and diplomatic decision: attribution of a cyberattack is difficult and certainty is almost impossible.
The denial of service attack itself was pretty cheap. The damage was limited, the online services of the two banks and the Ukrainian Ministry of Defense quickly became accessible again.
Ukraine nevertheless reported that it was the largest of its kind recorded on its territory. CERT-Ukraine, the country’s computer emergency response team, has released a report on the event indicating the use of malware, the Mirai botnet. The targeted sites received three times more requests than normal.
Russia adept at hybrid warfare
John Hultquist, vice president of intelligence analysis at Mandiant, told the microphone of CBS that this type of cyberattacks “ are not an end in themselves “. According to him, ” The disruptions they cause are designed to intimidate and undermine morale “. Anne Neuberger expressed fears that the cyberattack is the prelude either to a larger and more complex operation in cyberspace, or to an invasion of Ukraine by Russia.
The US representative was not the only one to dread this prospect. Without linking it to the cyberattack, the weekend of February 19 and 20 the American authorities repeated their concerns several times. France and Germany have asked their nationals to leave the country.
The night of 20 to 21 the Élysée announcement the agreement in principle of Vladimir Putin and Joe Biden for a meeting, before the slightest invasion. The Kremlin would also have accepted the resumption of diplomatic exchanges in the Normandy, Russia, Ukraine, France, Germany format.
The situation remains very tense and extremely fluid. Despite the scheduled end of a joint military exercise between Russia and Belarus, Putin’s troops are not expected to leave the country. The Kremlin estimated a meeting of presidents premature, February 21. One thing is certain, if Russia decides to invade Ukraine, cyberspace will play its part in the “hybrid warfare” model that the Kremlin likes.