What Happened to #OpRussia?

Almost a year ago, Russia invaded Ukraine. Due to the unprovoked aggression by Russia, worldwide condemnation was quickly followed by a call to arms to help Ukraine, both on the ground and in cyberspace. #OpRussia was born.

A year on, you’d be forgiven for thinking that #OpRussia had died down. What happened to it? What did it achieve?

First, let’s look at the numbers and the participants. While it’s hard to pin down exactly how many people are active in the cyberwarfare aspect of the conflict, estimates range from 150,000 to 400,000, based on the number of subscribers to various Telegram channels. Count active subscribers to the various Discord channels and active reactions to such posts, however, and you get closer to 200,000, many of which are found in the IT army Telegram channel, the main repository for target listing and action in the ongoing cyberwarfare.

To confuse matters, there are also participants in various auxiliary organizations that have flocked to the Ukrainian banner. Hacken.io, a bug bounty outfit based out of Kyiv that specializes in security of crypto tokens, extended the call to arms to its own army of hackers. While the initial callout was to find vulnerabilities in Russian infrastructure, this was walked back a few weeks later to protect Ukrainian infrastructure. Then we have Anonymous (the infamous, nebulous organization that anyone can identify with), which pushed the #OpRussia tag to prioritize attacks against Russian interests in cyberspace. On top of this, disparate hackers and entities joined the fray. For example, Network Battalion 65, a pro-Ukrainian outfit, appeared on Twitter in February 2022 and almost immediately started compromising high-profile Russian targets with alarming regularity, under the #OpRussia banner.

The Tools and Initiatives

A lot of high-profile initiatives were born from the drive to damage Russian interests (and, eventually, Western entities that still maintained a presence in Russia). The most popular and still actively used is Disbalancer (also called “Liberator”), a DDoS tool used to take down infrastructure targets. The barrier to entry for this tool is extremely low: simply download the flavor of your choice (Windows, Mac, or Linux) and run it, and your bandwidth is used to attack a rotating target list.

Disbalancer has had remarkable success, with an average running load of 3,000 users (still a formidable botnet), with peaks of more than 34,000 users. The tool has had more than 200,000 downloads to date. There is a rotating target list of up to a dozen targets, and Disbalancer claims to have attacked more than 700 Russian targets.

On top of this were some more esoteric efforts, such as PlayforUkraine.life, a simple Web-based game of 2048, which performed application-level DDoS in the background. This was responsible for taking down Alfabank, Russia’s largest domestic bank. PlayforUkraine.life isn’t active anymore and seems to have gone quiet in mid-July or August of last year.

Another such site is WasteRussianTime.today, which automatically connected two government officials with each other. As the name implies, the only outcome was wasted time and some hilarious results. The website is currently showing a 502 error and looks like it went out of action in about June or July of last year.

The Impact and Breaches

The one notable constant in the cyber conflict is how the Russian mythos of invulnerability has quickly evaporated (a parallel can be drawn here to its “physical” forces too). The breaches from February to August would be too numerous to list here, but for brevity I’ve listed the biggest ones. (For similar reasons I’ve also omitted DDoS takedowns, as these are now in the hundreds of targets.)

At the top of the list we have Roskomnadzor, at a whopping 900GB. It effectively is the mass surveillance department for the Russian population. This was quickly followed up by VGTRK (the Russian state broadcaster, essentially a propaganda mouthpiece for the Kremlin) that was 20 years’ worth of emails and 700GB of data. Then lots of other government-affiliated entities follow: Rosatom (state nuclear agency), the Central Bank of Russia, Gazprom, Petrofort, the Russian interior ministry, Transneft, SberBank, the Federal Security Service, and even the Russian Orthodox Church all get their turn. For the first six months of 2022, the Russian government was suffering a breach every three days, for a total equivalent of 20TB (!) of breached data in the first few months of the war. This is only counting the leaks made public via various entities such as Ddossecrets.com, where most of these leaks can be found.

But then, after the first six months, things got a bit quiet. Even the most prolific actor on the scene, Network Battalion 65, which was tearing through Russian companies since February, went dark in August 2022 and never resurfaced. In its wake are more than 20 high-profile breaches and something north of 4TB of data leaked by them alone in the space of four months.

So, What’s Happening Now, and Why Have Things Subsided?

The cyberwar never really stopped, and the attacks rumble on at a lower rhythm, but the intensity remains. At the time of this writing, for example, atol.ru (tech company supporting automation) and ofd.ru (a cloud company) are the current targets of the IT army of Ukraine, and that’s not mentioning the dozen or so rotating targets of the Disbalancer tool.

Interest in Ukraine has sadly waned in the Western press as the conflict rumbles on. Google Trends shows that, aside from a large peak in February/March 2022 and a follow-up jump in May, interest in Ukraine in search terms has slowly decreased.

The impact on the overall course of the war, however, remains unclear, and if anything proves that true cyberwar is a long way off and that the real outcome of the war will be decided in real space with guns and steel.
