Disturbing Mass Text Operation Terrorizes Ukraine as Russian Troops Move In

Ukrainian troops are receiving threatening messages, and websites and banks are being hit with new cyberattacks, in what could presage more military conflict with Russia.

Shannon Vavra

National Security Reporter

Ukrainian government websites were knocked offline Wednesday in a new wave of cyberattacks pummeling Ukraine, just as Russian forces are starting to roll into the country and Ukraine declares a nationwide state of emergency over Russias recent aggression.

The sites of Ukraines Ministry of Foreign Affairs, its Security Service or SBU, and Cabinet of Ministers were all down Wednesday. Banks are also affected, Ukraines minister of digital transformation, Mykhailo Fedorov, said on his Telegram channel. Ukrainian soldiers have also recently reported receiving alarming text messages urging them to flee or be killed, in what appeared to be an attempt to degrade their morale.

Hackers have also recently deployed wiper malware, or destructive software, in Ukraine, cybersecurity researchers at ESET said Wednesday.

It was not immediately clear who was responsible for the website downs, hacking, or the SMS messages, or if it was the same actor, but it reeks of the same playbook the Russian government has used in recent days to try to use cyber- operations to sow confusion and doubt in Ukraine in advance of an invasion.

According to the U.S. and U.K. intelligence communities assessments, Russia's GRU, its main intelligence directorate, was responsible for a similar cyber- operation known as a DDoS that knocked Ukraines Ministry of Defense and Armed Services websites offline and hit Ukrainian banks just last week, Anne Neuberger, Biden's Deputy National Security Adviser for Cyber and Emerging Technology, said in recent days.

The attack appeared to have multiple prongs, including psychological effects: Ukrainians also received SMS messages alerting them that ATMs werent working in an apparent attempt to create panic in the country. The messages were fake, according to Ukraines police force.

Fedorov said the attacks on the websites in this case are DDoS operations as well, which is a cyber-operation when attackers overwhelm a site to the point it malfunctions and shuts down. Ukraines cybersecurity agency, the State Service for Special Communication and Information Protection confirmed to ishonest Wednesday that DDoS attacks had pummeled government websites and banks.

Cloudflare, a cybersecurity firm, told ishonest that DDoS attacks have been on the uptick in Ukraine lately.

Weve seen sporadic DDoS activity in Ukraine. We've seen more DDoS activity this week than last week, but less than a month ago, a spokesperson told ishonest.

Hackers suspected to have ties to Russia last month also deployed wiper malware in Ukraine.

The hackers behind the destructive malware found Wednesday in Ukraine created it two months ago, ESET's Head of Threat Research told ishonest, and only deployed it in Ukraine, suggesting a highly targeted attack.

Already, though, the attack seems to be spreading to other countries: Entities in Latvia and Lithuania, including at a government contractor, are affected by the wiper malware, Vikram Thakur, a Symantec technical director, told ishonest.

Its not clear the threatening SMS messages troops are receiving now, the hacking, and the fresh website downs are related.

But they appear to be a page out of Russias operations playbook, Steve Hall, the former CIA chief of Russia operations, told ishonest.

This is the old script that the Russians usedand that all militaries used. Youre always going to prepare the battlefield with some sort of propaganda efforts, Hall told ishonest. Whether youre dropping leaflets behind enemy lines now its much easier these days you just go on the internet and send these leaflets in electronic format youre preparing the battlefield, youre preparing the battlespace so that you soften resistance.

Ukrainians have long received threatening text messages suspected to come from the Kremlin just like the ones theyre receiving this week, according to the Associated Press. After fighting increased in Eastern Ukraine in 2014, Ukrainians began receiving messages their forces were being decimated. In 2017, similar messages arrived:

Ukrainian soldiers, the messages warned, according to the AP, theyll find your bodies when the snow melts.

Now, the messages warn Ukrainians to run for their lives.

There is still time to save your life and leave the JFO zone, the messages read, according to InformNapalm, a Ukrainian activist group, reported Focus, a Ukrainian news outlet.

Ukraine's information minister, Tkachenko Oleksandr, told Sky News the new cyber-operations are likely aimed at keeping Ukrainians under pressure.

It is part of hybrid war to keep us in tension all the time," he said.

Russias GRU could have more cyber-operations in the pipeline, including hack and leaks and destructive operations, John Hultquist, Vice President at Mandiant Threat Intelligence, told ishonest.

We expect a lengthy campaign of incidents that may range from simplistic to complex, Hultquist told ishonest. In the past, we've seen the GRU carry out a protracted campaign that included DDoS, defacement, hack and leaks, and destructive attack. The incessant nature of the incidents ensures they are harder to ignore.

The psychological operations like this and the cyberattacks from Russia are only likely to increase, and their arrival, just as Russia recognizes two breakaway territories in Ukraine and moves in for the jugular, suggests Russia is likely about to ramp things up even more, Hall said.

It almost certainly presages more military operations.

Read more on: thedailybeast, ukrainians, ukraine