Invasion of Ukraine: behind the scenes of cyber-attacks

When did the Russian offensive begin? The history books will retain the date of Thursday, February 24, 2022, but its beginnings date from the day before, if not from the end of 2021… It is the afternoon of Wednesday, February 23, more than 12 hours before the first tank crosses the border. The operation to destabilize Ukraine and its infrastructure begins: a so-called “denial of service” cyber-attack, which consists of overwhelming Ukrainian computer servers by bombarding them with tens, even hundreds of thousands of simultaneous requests.

The attack will ramp up throughout the afternoon. A dozen major sites, banks and ministries, will fall one after the other, but Ukraine was prepared for it. It had even anticipated the attack by calling on Europe for help. The European team from six countries of the Union may have helped bring the targeted Ukrainian sites back online after a few hours, with this message: “Prepare for the worst”.

So much for the first, preliminary attack. Simultaneously, that is to say on Wednesday evening, a computer virus will suddenly activate on hundreds of computers in Ukraine: malicious software whose mission is to erase all data. A “wiper”, a “cleaner”, say cyber-security experts. It is not the first time that its presence has been detected in Ukraine, but in January it was much less aggressive.

On Wednesday, February 23, the objective was to paralyze networks, isolate decision-making centers – as in Crimea in 2014 – and sow doubt in the minds of Ukrainians about the government’s ability to protect them, even though nothing makes it possible to certify that these cyber-attacks come from Russia. These viruses, however, leave clues. This “Hermetic Wiper” – since that is its name in English – bears, in its code, its date of creation: December 28, 2021. It is therefore likely that the attack had been planned for at least two months.

Cyber warfare is certainly not over. All countries that support sanctions against Russia are now potential cyber targets. Already, three weeks ago, 17 oil terminals in Europe were targeted by a virus that blocks PCs until a ransom is paid. This ransomware was most likely of Russian origin, although it is not possible to say whether it traces back to the Kremlin.

In France, the ANSSI (National Agency for the Security of Information Systems) warns against “effects in cyberspace that must be anticipated”. The agency states that “no cyberthreat targeting French organizations, in connection with recent events, has yet been detected”.

Nevertheless, it encourages companies and administrations to remain vigilant and to implement five priority preventive cyber-security measures: strengthen the authentication of particularly exposed computer accounts, such as those of system administrators; increase the vigilance of supervision teams; back up data and critical applications offline; establish a prioritized list of critical digital services; and ensure the existence of a crisis management system adapted to a cyberattack.

