Top Ukrainian cyber official praises volunteer hacks on Russian targets, offers updates

Ukraine's Victor Zhora said the so-called IT Army has done "useful" things, and he offered information about the "CaddyWiper" incident.
A Ukrainian serviceman stands guard at a military checkpoint in the center of Kyiv on March 15, 2022. (Photo by FADEL SENNA/AFP via Getty Images)

The Ukrainian government’s cyber efforts are focused on defense, not offense, a top official said Tuesday, but leaders are “grateful” for offensive actions taken by private hackers within Ukraine and around the world, “since every means and every scenario which will be used to weaken the military potential of Russian aggressors is useful.”

Victor Zhora, the deputy chairman of the State Service of Special Communications and Information Protection of Ukraine, told reporters in a briefing Tuesday that the Ukrainian government’s cyber capabilities are focused on protecting its critical infrastructure and government services.

Zhora referenced the “IT Army” — a broad collection of volunteers who have joined a Telegram channel that shares potential targets and updates on cyber issues, such as possible distributed denial-of-service targets — but he did not talk about offensive hacking efforts reportedly coordinated through the Ukrainian defense ministry in conjunction with Ukrainian cybersecurity expert Yegor Aushev, as reported by Reuters.

Zhora said Tuesday that IT Army volunteers are conducting other operations besides offensive actions. “A lot of people are helping us in OSINT,” he said, referring to open-source intelligence gathering, “in delivering of truth, of real content on Russian war crimes in Ukraine to Russian audience which hidden behind constant lies behind Russian media.”


Zhora also said it was too soon to assess the full damage from the wiper malware made public Monday by cybersecurity firm ESET, the third reported instance of wiper malware to target Ukrainian systems in recent weeks. This malware, labeled “CaddyWiper,” was launched by the Russians on “already compromised systems,” the Ukrainian Computer Emergency Response Team said in a Facebook post Tuesday. There’s just one confirmed infection of this particular wiper, Zhora said, “but we are confident there will be more.” The attackers were focused on a “financial organization,” Zhora said, but he didn’t offer additional details.

Zhora also told reporters that a cyberattack on a satellite network connected with broadband and satellite internet in Ukraine in the hours before the invasion resulted in a “huge loss in communications in the very beginning of the war,” and declined to offer additional detail.

That attack, which targeted modems used to communicate with Viasat Inc.’s KA-SAT satellite, is currently under investigation by several western intelligence agencies, Reuters reported March 11.

Zhora said Tuesday that the Ukrainian government needs more evidence and detail to officially attribute the attack, which “will be useful in international crime courts.”

“I don’t need any additional proofs that Russia was targeting Viasat, as well as other companies,” Zhora added. “We understand they’re focusing on satellite communications, they are focusing on ISPs, they are focusing on mobile operators” to destroy infrastructure and prevent Ukrainian armed forces from being able to effectively communicate.

Russia declared war against Ukraine on Feb. 24, 2022. Before, during and after the military campaign began, the CyberScoop staff has been tracking the cyber dimensions of the conflict.

This story was featured in CyberScoop Special Report: War in Ukraine
