Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence

Dutch intelligence revealed that many cyber operations attributed to Russia against Ukraine and NATO members have yet to be publicly disclosed.

According to a joint report published by the Dutch General Intelligence and Security Service (AIVD), and the Military Intelligence and Security Service (MIVD), many cyber operations conducted by Russia-linked hackers against Ukraine and NATO members during the past year have yet to be publicly disclosed.

“Before and during the war, Russian intelligence and security services engaged in widespread digital espionage, sabotage and influencing against Ukraine and NATO allies.” reads the joint report. “The pace of Russian cyber operations is fast and many of these attempts have not yet become public knowledge. Ukrainian and Western digital defenses have so far been able to limit the impact of continued Russian attack attempts. Throughout the war, Russia has also found it difficult to synchronize cyber operations with other military operations, such as airstrikes. By far the largest part of Russian cyber operations is aimed at espionage to obtain military, diplomatic and economic information from both Ukraine and NATO allies.”

The state-sponsored hacking operations aimed at gathering intelligence on the adversaries, at conducting sabotage activities and misinformation campaigns.

The Rissia-linked threat actors targeted a broad number of organizations, including military and diplomatic agencies. Russian hackers aimed at gathering information on military support provided to Ukraine by NATO allies. The report states that Russian threat actors also targeted the Dutch armed forces, ministries and embassies, but the cyber espionage campaigns failed.

“The Russian cyber sabotage campaign against Ukraine is the most extensive and intensive in history. Moscow regularly attempts to digitally sabotage Ukrainian vital infrastructure and carries out constant wiper malware attacks.” continues the report. “The sustained and very high pressure that Russia exerts with this requires constant vigilance from Ukrainian and Western defenders. However, large-scale disruption has so far failed to materialize and the impact of cyber sabotage is dwarfed by the impact of physical military operations. The potential of cyber operations cannot be fully exploited by Russia. Russia is likely to struggle to synchronize cyber operations with other military operations, such as airstrikes.”

Ukrainian authorities were supported by Western intelligence services and cybersecurity companies, an aid that significantly increased Ukrainian digital defense.

The report highlights the interest of Russia-linked actors in influencing the political contest of Ukraine and NATO countries through deception, disinformation, and cyber operations.

The Russian intelligence services have succeeded several times in temporarily taking control of Ukrainian media broadcasts and broadcasting Russian propaganda messages. Then the hackers compromised these media. Russian threat actors also targeted critical infrastructure in the county, including the power supply.

“To hide their involvement in covertly spreading disinformation and propaganda through digital channels, Russian intelligence services employ many techniques they also use for cyber operations.” concludes the report. “In the case of the Information Operations Troops (VIO) of the Russian military intelligence service GRU, it is even partly the same units that are responsible for both cyber operations and covert influence.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Russia)