The Russian invasion of Ukraine is arguably the first true Hybrid War where strategies combine conventional warfare operations with cyber warfare operations. There are military combats with weapons, missiles but also computer attacks.
Since the start of the war in Donbass in 2014, Ukraine has become the favorite target of Russian hackers, their favorite training ground. On the night of the invasion of Ukraine by Russia, on February 24, 2022, three Ukrainian ministries, including that of Internal Affairs, were attacked by a computer virus undoubtedly aimed at spying on, and in any case destroying their data. Authorities saved sensitive content by exfiltrating it just in time. The European Union, in the same way that it sends weapons to Kiev, has deployed experts to support the Ukrainians in their cyber defense.
On the spot, a computer army from Ukraine has also risen in recent days with a Telegram channel and more than 250,000 technicians, engineers, or simple geeks mobilized, joined by the hacker collective Anonymous. "We are a huge group of volunteers determined to support Ukraine and its government in the face of Russian cyberattacks, and also to fight back. Some in the group speak Ukrainian, or Lithuanian, or English", explains Nazar who from Kiev, is part of this armed cyber resistance.
"We even have among us Russian volunteers who don't agree at all with this war and Putin's policy."
Nazar, a Ukrainian engaged in cyber defense against Russia
Some actions relate more to communication operations. As when members of this group broadcast, for a few seconds, on several Russian televisions the Ukrainian anthem sung at full throttle with blue and yellow flags on the screen. Or when they bombard the sites of restaurants or museums located in Russia, for example, comments with concrete information on the situation in Kiev, Kharkiv or Odessa or even messages of support for the army and the Ukrainian resistance.
JUST IN: #Russian state TV channels have been hacked by #Anonymous to broadcast the truth about what happens in #Ukraine. #OpRussia #OpKremlin #FckPutin #StandWithUkriane pic.twitter.com/vBq8pQnjPc
— Anonymous TV February 26, 2022
But other operations have consequences on the real war which is fought on the ground with guns and missiles. This was the case when hackers in recent days brought down the website of the Belarusian railways disrupting the convoy of Russian soldiers to Ukraine. Because cyberspace is by definition borderless, online attacks can have repercussions well beyond Ukraine's borders. Moreover, on the day of the Russian invasion, February 24, a satellite which is used by the Ukrainian army – but not only – was cyberattacked. Consequence: many Europeans including 10,000 French deprived of internet since that day, and malfunctions on some wind turbines in Germany.
Faced with the threat, French companies are turning to cybersecurity companies that are overwhelmed with demands. Already before the war, they were very much in demand and struggled to recruit engineers sufficiently qualified to meet all these demands. At Almond, a company created twenty years ago and based in Sèvres (Hauts-de-Seine), some of the 200 employees are currently busy calling all customers to provide them with the emergency protection measures to be applied to avoid any attack from the East on their networks and in their information systems. Their vigilance is necessarily even greater and their advice even more precise when it comes to companies in the communication, finance, energy and defense sectors.
War in Ukraine: "The risk of cyberattack is high" in France warns the Ministry of the Interior
Among his advice, Mathias Garciau, one of Almon's managers, recently warned about one of the five most used and popular anti-viruses in the world: Kaspersky. This anti-virus is designed and edited in Russia. The engineer most often recommends replacing it with another anti-virus: "Two reasons for this: Russia is economically isolated from a computer point of view and the updates of this anti-virus risk to become very complicated. And then, given the diplomatic context, we cannot exclude that this anti-virus is used for malicious purposes by the Russian government".
Mathias Garciau also recommends ideally "to only exchange by text and telephone with employees located in Russia or Ukraine".
"You need a total disconnection, an isolation of employees located in these areas that have become sensitive. For example, they must be excluded from the company intranet when it is international".
Mathias Garciau, cybersecurity expert
And for any employee repatriated from Russia, a complete cleaning of his computers and mobile phones is desirable. Sometimes it is even advisable to throw them outright. Vigilance is therefore required even if for two weeks, we have not been in the total cyberwar that could have been feared.
Hackers in the service of Moscow, however, have already proven their ability to carry out massive attacks. In 2015, they caused giant blackouts in Ukraine. In 2017, malware called NotPetya crippled the country's economy. In 2018, they caused serious incidents in water purification plants. And sometimes these viruses spread abroad. Saint-Gobain, Auchan and the SNCF have already paid the price.
In France, laws – in particular the GDPR (General Data Protection Regulation) – have been passed in recent years to oblige companies to protect their information systems and the data of their customers. If they don't, they risk heavy fines. "Especially those called OIVs: operators of vital importance", explains Gerôme Billois, cybersecurity specialist at Wavestone. "Since 2014, the State has identified 200 structures – small or large companies or public organizations – that make France work. These are the structures that provide transport, the distribution of electricity, water, These structures are required to have attack detection capabilities to stop them before they harm the systems", specifies this expert.
For eight years, large sums have been invested and France is one of the countries with the strongest cyber protection. “In recent days, the threat detection teams, at the request of the authorities, have been further reinforced to provide a 24/7 service because cybercriminals do not have timetables”, underlines Gerôme Billois . As the French presidential election approaches, Paris also remains on guard to prevent Russian hackers from interfering in the election through hacking.
If cybersecurity seems to be the business of authorities and experts, it is in fact everyone's business. ANSSI, the National Information Systems Security Agency, recently published an awareness bulletin. Anyone working with a computer and on the internet is actually affected.