Two-year anniversary of the Russia-Ukraine war: cyber threat considerations

Published: 23rd February 2024 | In: Insights

Tomorrow (24th February 2024) will mark the two-year anniversary of the Russian invasion of Ukraine. With regional tensions likely to ramp up on this date, both private and public sector organisations in the West should be aware of the threat posed by Russia-affiliated sabotage efforts, as well as hacktivism, which we assess is likely to escalate to mark the anniversary.

There are three key trends we’ve observed in the run-up to this anniversary. Firstly, hacktivism has emerged as a staple within ongoing conflicts, with threat actors applying disruptive efforts to influence perceptions and policies without intending serious harm. Secondly, the surge in hacktivist operations targets nations based on their geopolitical stance and support for regions such as Ukraine, resulting in a complex digital battleground. Thirdly, analysis of attacks has revealed a nuanced landscape of “proportionate” and “disproportionate” hacktivist targeting in alignment with Ukrainian support, indicating the strategic motivations behind cyber campaigns. 

Hacktivist threat landscape 

The hacktivism landscape has developed dramatically in recent times, intensified by recent geopolitical conflicts, such as the war against Ukraine. Hacktivist collectives, at both the non-state and state-backed level, are leveraging digital platforms to propagate social agendas, blurring the lines between cyber activism and cyberterrorism. 

Impacted sectors 

Cyberspace will almost certainly continue to exist as a second front for the Russia-Ukraine conflict. It is highly likely that Russia-aligned cyber operators will launch attacks against Ukrainian infrastructure and its supporting Western assets on 24th February to mark the anniversary. This is especially true for the Defence and Aerospace sectors, as they have a direct impact on the course of events of kinetic warfare engagements. 

Further, it is highly likely that hacktivist targeting will involve Russia-aligned cyber actors concentrating efforts against NATO-supporting states. Their aggressive approach will focus on the government, defence, and energy sectors in retaliation for ongoing sanctions.

The Russia-aligned NoName(057) hacktivist group is worthy of special mention, as it has emerged as a substantial threat to the sectors mentioned above. The group's offensive efforts, which follow its modus operandi of distributed denial-of-service (DDoS) attacks, will likely be launched with greater volume than usual on 24th February. The objective is to protest against opposing government policies and to disrupt the critical national infrastructure (CNI) of states perceived to be in opposition to its socio-political agenda.

Mitigation strategies 

It is strongly recommended that both public and private sector businesses implement the following mitigation strategies to bolster their security posture against disruptive hacktivist efforts: 

  • DDoS Mitigation: Apply DDoS mitigation solutions to combat sudden network traffic surges. These can include load balancing, traffic filtering, and content delivery networks to ensure company services remain accessible during attacks. 
  • Attack Surface Management: Update and secure company assets, emphasising websites, which are the primary target for web defacement and DDoS attacks. Implement strong authentication protocols, such as multi-factor authentication (MFA), and monitor internet-facing assets for unauthorised access.
  • Data Protection: Safeguard sensitive data with encryption, access controls, and regular security audits.  
  • Employee Training: Train employees to detect markers of social engineering tactics to raise awareness and reduce the risk of hacktivist efforts. 

Outlook 

It is highly likely that hacktivist operations will continue to surge in 2024, in alignment with key issues such as the ongoing conflict between Moscow and Kyiv. Nation states will likely attempt to leverage these campaigns as they provide plausible deniability and the potential for disruption. Furthermore, the resurgence of DDoS-for-hire services will likely enhance hacktivist efforts in 2024 as access to more powerful tooling becomes more readily available.  

With the UK-based International Institute for Strategic Studies recently estimating that Russia could sustain its warfare efforts for an additional two to three years, Moscow-aligned cyber operations will likely escalate beyond 24th February in alignment with the continually fracturing geopolitical landscape. 

For further details, you can refer to the Quorum Cyber Threat Intelligence Outlook 2024 report, which provides a comprehensive breakdown of which offensive cyber operations will likely coincide with numerous major global events scheduled for 2024, such as presidential and national elections, as well as the Olympic Games in Paris.

 
