Cyberattacks during the war in Ukraine have unfortunately become a common occurrence. They affected most sectors of the economy and security.

Russia attacked Ukraine even before the first missiles hit the cities. First, there was an attempt to use “Vipers” to erase data from Ukrainian government websites. Then there was an attack on the satellite communications network.

The attack on satellite communications concerned not only our country. It revealed vulnerabilities in the global communications system, according to the Pentagon. Speaking on condition of anonymity, American officials said that it was the work of the GRU, the Main Intelligence Directorate of the Russian Federation.

The company Viasat, whose services were actively used by Ukrainian government officials at the time, was targeted. The main goal is believed to be to damage the command and control system of the Armed Forces and to complicate coordination between different units. But civilians in Ukraine and Europe were also affected, losing access to the Internet.

Since 24.02, 306 powerful cyberattacks have been recorded worldwide in 36 different sectors. Of these, 106 were in Ukraine. In fact, the real number is even higher.

Currently, 8 cyber threats are the most dangerous. They often aim to destroy data, disinformation, or use information weapons.

The general public is best known for DDoS attacks, but it is also important to mention Malware, Wiper, Ransomware, Cyberspionage, Cyber Enabled Information Operation, Hack And Leak, Defacement, among others.

Of course, the Russians are aware of this and are actively using all of the above. The attacks were carried out by 14 different institutions and groups (mostly under the control of the GRU and FSB, which also compete with each other in this matter).

Two cybercrime groups were identified separately. The power of cyberattacks depends on several important factors: the threat actor, motive and opportunity, professionalism of the cybercriminals themselves, funding, etc.

So which sectors of the Ukrainian economy have suffered the most?

– Public sector (104 attacks): The public sector was probably the second most targeted sector in Ukraine after critical infrastructure, both before the invasion and during the conflict;

-Media (31 attacks): attacks on the media sector were ruthless in their attempts to disrupt and/or influence Ukraine’s information space and the unity and awareness of Ukrainians. This was done by spreading disinformation and propaganda; disconnecting or disrupting services; the main goal was to limit access to timely, reliable and official information for the population;

-The financial sector (29 attacks): here, mostly DDoS attacks targeted important websites of financial institutions. On the other hand, there were several attacks on banks in Russia itself, with gigabytes of data containing personal information of individuals being posted online;

-Energy sector (26 attacks): the aim of such attacks is to damage and disable critical infrastructure, which in turn could leave the population and important public services without gas and electricity (e.g. hospitals, transport, fire stations);

-Transport (23 attacks): during the war, destructive attacks such as DDoS were documented against transport service providers on railways or at airports in various countries. So-called hacktivist groups have also targeted transport service providers linked to the mining/oil industry, compromising their systems, stealing data and publishing it online;

-Information and communications sector (22 attacks): since the beginning of the invasion, there have been documented cases of deliberate destruction of broadcasting infrastructure in Ukraine through physical attacks on it, and a number of cyber attacks on telecommunications providers have been documented. These attacks are being used as a means of preventing access to reliable information about the development of the war and the situation in Ukraine;

However, thanks to our cyber troops and the help of our partners, most of the enemy cyber attacks have failed or been effectively repelled.

Although there is no clear legislation that would make cyberattacks in time of war a war crime, it is still good practice to document and submit them to international courts.

The data on cyberattacks was taken from the NGO CyberPeace Institute.

Anna Mysyshyn, PhD in law, expert