Russia Is Preparing a Huge Cyberattack, Ukraine Warns

A laptop displays part of a code, which is the component of the Petya malware computer virus, according to the Ukrainian cybersecurity firm ISSP, at the firm's office in Kiev, Ukraine, on July 4, 2017. Ukraine has become a battlefront in the emerging cyberwarfare arena. REUTERS/Valentyn Ogirenko

Ukrainian cyber police have alerted the world to what they believe is an imminent Russian hacking attack.

The head of the country's cyber police, Serhiy Demedyuk, told Reuters Tuesday that Russian agents had been detected laying the groundwork for a huge coordinated strike targeting a wide range of companies, including banks and energy infrastructure targets.

Ukraine has become one of the main battlegrounds in the emerging cyberwarfare arena, with Russian hackers regularly attacking Ukrainian military, commercial and civil targets. The most significant event was the 2017 "NotPetya" virus, which crippled government agencies and a range of companies before spreading around the globe, causing billions of dollars in losses.

Given the interconnected nature of global networks, any attack that starts in Ukraine could find its way around the world. Last month, for example, hundreds of thousands of routers and network-attached storage devices worldwide were infected by the "VPNFilter" malware. The software can spy on traffic and, if its controller decides, destroy the infected devices. Russia is widely believed to have been behind the malware.

Demedyuk said phishing emails containing viruses were being sent from the website domains of legitimate state bodies that were hacked and hijacked. Agents were also sending emails from fake domains set up to mimic the real agencies.

The malware is broken up into separate smaller files to make it harder to detect. The smaller files can then all be activated together once successfully hidden in the target network.

"Analysis of the malicious software that has already been identified and the targeting of attacks on Ukraine suggest that this is all being done for a specific day," Demedyuk believes, though he did not specify when this may be.

"On the face of it, there is nothing happening here that does not happen all the time anyway," explained Keir Giles, an expert in Russian cyber and information security at the Chatham House international affairs think tank. That said, Demedyuk's assertion that the infiltration is in preparation for one single attack is unusual, Giles told Newsweek.

An armed man patrols at the Simferopol airport in the Crimea region February 28, 2014. Ukraine has been a choice target of Russian cyber warfare since the seizure of Crimea sparked an ongoing war between the two nations in eastern Ukraine. REUTERS/Baz Ratner

Demedyuk suggested that Ukraine's Constitution Day, which will be celebrated this Thursday, could be the timing for the attack, as could Independence Day on August 24. Previous Russian cyber operations have coincided with national holidays, he explained.

If he is correct, Demedyuk believes this could be preparation for another NotPetya-scale assault. "This is support on a government level—very expensive and very synchronized. Without the help of government bodies, it would not be possible. We're talking now about the Russian Federation," he said, noting that "99 percent of the traces come from Russia."

Though cooperation with NATO nations such as the U.S. and U.K. has given Ukraine some level of defence, Demedyuk warned the country is still vulnerable—not least because some companies have still not removed traces of NotPetya from their systems, meaning it could be reused by an attacker. He urged Ukrainians to "come to your senses, check your equipment."

Giles told Newsweek that basic software maintenance and good cyber security habits go "a long way" towards defending against attacks. However, he emphasized this "will not deal with the more sophisticated levels of attack, particularly if it involves the advanced 'spear phishing' we are seeing very commonly from Russia." Spear phishing is like regular phishing, with the difference that the virus-laden email comes from a trusted—or seemingly trusted—source.

The attacks on Ukraine are a window into Russia's expanding cyber clout, which the Kremlin has been cultivating since long before the seizure of Ukraine. Russia considers itself "in a state of war in the information domain—which includes cyber," Giles said. Russia has been "extremely busily stockpiling and building up all of these latent capabilities for causing damage" at a time of its choosing, he added.

When considering Russia's cyber reach, it is vital to consider not just the country's level of technology but also its willingness to use it. "If you factor the two together, Russia becomes very much more dangerous" than its level of capability might initially suggest, Giles said.