Russia Cyberattacks Have Long Targeted Ukraine

Phil Neray is vice president of cyber defense strategy at CardinalOps. He said adversary groups like Sandworm, a unit of Russian GRU military intelligence, have been using wiper malware in Ukraine since at least 2015.

“KillDisk malware was first used to target and sabotage industrial control systems/supervisory control and data acquisition (ICS/SCADA) networks in Ukraine in December 2015, and later used to attack Ukrainian banks in 2016,” he said. “In February 2022, an updated version was used in destructive attacks against Ukrainian networks just as Russia moved its troops into Ukraine. However, the reason recent attacks haven’t caused more widespread damage is that Ukraine has significantly boosted its continuous security monitoring capabilities in the past few years, with the technical assistance of Western allies, so they can quickly detect these attacks and respond to them before they can have a major impact. They also moved their critical data from on-premises servers to the cloud, where it could be better protected. Gaining more high-fidelity detections at all security layers – endpoint, network, email, identity and access management (IAM), cloud – and moving to the cloud are the key lessons we can take from the past year.”