The Russian government is planning “massive cyberattacks” against Ukrainian critical infrastructure facilities to “increase the effect of missile strikes on electrical supply facilities,” the Ukrainian government said Monday.
The Russians are also planning to “increase the intensity of the DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic state,” the country’s Defense Intelligence agency said in a statement posted to a Ukrainian government website.
“The experience of cyberattacks on Ukraine’s energy systems in 2015 and 2016 will be used when conducting operations,” the agency said in the statement. Russian military intelligence hackers infamously targeted the Ukrainian power grid in the 2016 “Industroyer” attack, which followed the December 2015 BlackEnergy attacks.
“By the cyberattacks, the enemy will try to increase the effect of missile strikes on electricity supply facilities, primarily in the eastern and southern regions of Ukraine,” the agency said Monday. “The occupying command is convinced that this will slow down the offensive operations of the Ukrainian Defence Forces.”
Top Ukrainian cyber officials told reporters in April the county thwarted a planned attack aimed at taking out multiple electricity substations and other parts of a grid serving up to 2 million people. The group behind the attack, Sandworm, had modified and updated the Industroyer malware from 2016, researchers said at the time, and had also planned on using destructive malware to obfuscate any analysis and make the systems inoperable and unrecoverable.
Ukrainian government officials did not immediately respond to a request for additional detail Monday morning.
Monday’s warning comes days after Russian President Vladimir Putin announced a call-up of roughly 300,000 military reservists and issued a veiled threat of using nuclear weapons as Russia has lost ground in the eastern and southern parts of Ukraine over the course of the last several weeks.
“Many of the disruptive and destructive cyber attacks we have seen thus far have been disrupted, isolated, or largely limited to Ukraine, where there is intense focus,” said John Hultquist, the vice president of intelligence analysis at Mandiant. “With a few exceptions, we have not seen the scaled, serious attacks we expected even before the war began. There is still significant room for Russia to escalate, especially with regards to Ukraine’s allies. So far, Russian cyber attacks outside of Ukraine have been very restrained.”
That said, Hultquist added, “Russia is under enormous pressure and cyber attacks may give them a means to respond without risking serious military consequences.”
Multiple European countries have dealt with DDoS attacks from what they’ve said are Russian or pro-Russian groups, including Norway, Romania, Italy and others.