On July 8, Ukraine marked the 500th page in its resistance against the large-scale Russian invasion. It has been 500 days since the war shook all regions of the country, and the Kremlin’s aggression has become a challenge not only on the battlefield but also in cyberspace. Attacks on government websites, phishing terror, dissemination of misinformation online, and the activation of bots — Russia has attempted to destabilize the situation in Ukraine using all available means, trying to spread panic among the population and undermine the trust of Ukrainians in the Armed Forces, the President, and Western partners. And they continue to do so.
Russian cybercrimes not only threaten Ukraine’s national security but also violate the rights of Ukrainians online — their digital rights.
The public organization Human Rights Platform has been collecting and analyzing information on potential violations of citizens’ digital rights since the beginning of the full-scale invasion. The results of this monitoring are presented in analytical reports called War in the digital dimension and human rights. From February 24, 2022, to May 31, 2023, the organization has published 12 monitoring reports, all of which are available on website of the Human Rights Platform.
Internet terrorism
Russian hackers have made significant efforts to disrupt the normal functioning of critical infrastructure objects in Ukraine, particularly in the energy and financial sectors, as well as in the provision of government services.
According to calculations by the State Special Communications Service of Ukraine, which the Human Rights Platform receives monthly in response to its requests, during the first four months of the full-scale war, Russians attempted to interfere with Ukrainian networks nearly 800 times. The government and local authorities, the security and defense sector, the financial sector, commercial organizations, and the energy sector were the most targeted in these attacks. Additionally, cybercriminals caused damage to transportation infrastructure and telecommunications.
The pace of cyberattacks targeting Ukraine is steadily increasing. They are already being recorded in millions — in the first five months of 2023, the State Special Communications Service of Ukraine reported more than 85 million attacks on the government sector and social media sites. While at the beginning of the full-scale invasion, the attacks were aimed at military targets to disrupt Ukrainian military communications, over time, hackers increasingly started targeting service portals that people use in their daily lives and informational resources.
This year, attacks have been detected on the Ministry of Culture and Information Policy, the Ministry of Environmental Protection and Natural Resources, the email system of the judicial system of Ukraine, and the Ministry of Justice. Hackers also attempted to infiltrate the networks of the Institute of Mass Information and the project Ukraїner, which serves as a platform for stories from Ukraine for the entire world. Ukrainian media outlets were also subject to cyberattacks, including the news agency Ukrinform, and Internet publications News.pn, NikLife, and Suspilne in Mykolaiv.
By the way, Suspilne website had already stopped working temporarily on March 1, 2022 — precisely on the day when Russian troops shelled the Kyiv TV tower — indicating the coordination of hacking attacks with armed aggression. Another example of such coordinated attacks mentioned by the State Special Communications Service is the Russian interference in the networks of DTEK last summer.
Ukraine considers the cyberattacks by Russia on critical and civilian infrastructure, carried out simultaneously with missile strikes, as military crimes. Relevant information is being gathered and transmitted to the International Criminal Court in The Hague.
See also: War experience: How Ukrainian operators learned to quickly restore mobile and Internet communication
Kremlin hackers target both Ukraine’s government systems and its ordinary citizens. They do this most actively using phishing, a favored tactic of Internet criminals.
There are various types of phishing, but the most common one is phishing through emails. Hackers send malicious hyperlinks or attachments that, when opened, launch a program that provides access to data or can even paralyze entire IT systems. At first glance, such links and attachments may appear to be safe files, such as resumes or bank statements.
Using phishing, Russian intelligence services attempt to gather as much information as possible about Ukrainians, with a focus on personal data. In the first five months of this year, the Cyber Police Department of the National Police of Ukraine received over 15,000 reports from citizens who fell victim to phishing attacks.
As evident from the report War in the digital dimension and human rights for February 2023, Ukraine’s Computer Emergency Response Team (CERT-UA), operating under the State Special Communications Service, detected a massive distribution of dangerous emails allegedly coming from the Pechersk District Court of Kyiv. These emails contained attachments in the form of rar archives, and upon opening them, a program for remote control and data theft was installed on the user’s computer. In February, CERT-UA experts also identified a hazardous website that imitated the official web resource of the Ministry of Foreign Affairs of Ukraine and through which criminals attempted to steal data.
Information as a weapon
Russia accompanies its armed aggression with a massive information war against Ukraine. Every month, experts from the Human Rights Platform record over 150 disinformation messages that Russia disseminates online to shape public opinions and sentiments among Ukrainians, advantageous to the Kremlin. To achieve their goal, propagandists use diverse information resources and engage a substantial number of people in this effort.
For example, as shown by the monitoring of digital rights compliance, in March 2023, the Security Service of Ukraine exposed a bot farm in the Khmelnytskyi Oblast, which was spreading fake news about the war in Ukraine. Over 2,000 bots were used to disseminate misinformation about the situation on the frontlines and to urge Ukrainians to evade mobilization. Additionally, the pro-Russian group engaged in discrediting the military-political leadership and units of the Ukrainian Armed Forces. The services of the bot farm were commissioned by representatives of Russian intelligence services. They purchased fake accounts and used them on popular social media platforms, pretending to be ordinary Ukrainians. Then, in May, the Security Service of Ukraine dismantled a network of bot farms with an audience of nearly 200,000 users, which was spreading disinformation to destabilize the socio-political situation in Ukraine.
In the first months of the large-scale invasion, the fakes encountered online primarily justified Russian aggression through “de-Nazification” of Ukraine and a supposed “threat” from NATO. These fakes spread panic in Ukrainian society and intimidated the world with fabrications about supposed biolabs operating in Ukraine. However, towards the end of 2022, the Kremlin’s rhetoric began to change as defeats on the frontlines forced Russians to seek new topics to somehow justify their own failures and shift responsibility for their crimes onto the Ukrainian Armed Forces.
In 2023, Russian propaganda persistently spread messages of disillusionment among Ukrainians regarding the Ukrainian army, victories, and support from international partners. It aimed to undermine people’s trust in central government and local authorities and create a negative image of Ukraine as a country controlled by the West. The Kremlin stopped portraying itself as “saving Ukraine from neo-Nazis” and, in its fabricated information space, now portrays itself as “fighting against the West.”
Supplying Ukraine with weapons by foreign partners and the Ukrainian Armed Forces’ counteroffensive are currently also relevant topics for spreading fakes in pro-Russian media and anonymous Telegram channels. Ukrainians interpret such messages in their own way, believing that the more Russians escalate in the information space, the weaker they are on the frontlines. At least, this was the case last year when Ukraine celebrated the liberation of Kherson. However, during that time, the Kremlin was preparing a new information operation for Ukrainians and the world, built on scenarios of undermining the Kakhovka Hydroelectric Power Plant.
On the night of June 5 to 6, the dam was indeed blown up, and the tragedy became the main global news. Russian troops resorted to their usual tactics, claiming, “it’s not us, but Ukrainians who harmed themselves.” More about the disinformation messages that accompanied this event in the online space can be read on the website of the Human Rights Platform in the analytical report War in the digital dimension and human rights for June.
Currently, a new information operation is underway in cyberspace, this time revolving around the question “What will happen to Zaporizhzhia Nuclear Power Plant?” Ukraine’s task in the cyberwarfare is to promptly counter Russia’s actions, just as they do on the battlefield. Being vigilant in the Internet space is the responsibility of each Ukrainian citizen.
The Human Rights Platform continues to collect, investigate, and summarize data on events that impact the digital rights of citizens in the context of war. Additionally, media lawyers at the Human Rights Platform are working to protect freedom of speech, expression of opinions, and the right to access public information — rights and freedoms guaranteed by the law but are sometimes restricted due to the full-scale Russian invasion and threats to national security in Ukraine, and not always lawfully restricted.
Originally posted by Iryna Shatalova on LB. ua. Translated and edited by the UaPosition – Ukrainian news and analytics website
