Russian hackers are reportedly intensifying their cyberattacks on Ukraine’s law enforcement agencies, focusing on uncovering information related to investigations of war crimes allegedly committed by Russian soldiers.
According to an SSSCIP report, the Russian objective appears to be to identify war crime suspects, potentially aiding them in evading prosecution and facilitating their return to Russia. Additionally, the hackers are likely keen to ascertain the identities of elite soldiers and officers captured in Ukraine for possible exchange.
Ukrainian cybersecurity officials have voiced concerns over these espionage campaigns, which have targeted entities such as the prosecutor general’s office, courts, and other bodies investigating war crimes.
In a development that may be related, Karim Khan, the lead prosecutor of the International Criminal Court (ICC), announced that the court intends to investigate cyberattacks as possible acts of war crimes. Russia’s cyber assaults on Ukraine’s essential civilian infrastructure could be some of the initial instances under this new interpretation.
Not long after this announcement, the ICC decided to establish a field office in Kyiv in charge of investigating Russian war crimes. The ICC then reported a breach of its computer systems without divulging further details regarding the severity or attribution of the attack.
Japan is developing a counter-cyber attack grid for the Indo-Pacific region to protect its interests and allies from cyber threats. The grid will consist of a cyber defence network that covers Pacific islands and enhances cybersecurity cooperation with regional countries.
This project is aligned with Japan’s goal of creating a free and open Indo-Pacific region, where it can balance the rising power of Russia, North Korea, and especially China. Japan wants to build this grid to prevent future cyberattacks and protect its national security and stability.
To strengthen cyber capabilities in the Indo-Pacific, the Japanese Foreign Ministry has allocated around a $75 billion investment plan to strengthen its ties with South and Southeast Asian nations and promote peace, connectivity, and security in the Indo-Pacific. The allocated funds will be utilized for various initiatives, including installing necessary cybersecurity equipment. Additionally, capacity building efforts will be undertaken through joint training sessions. The World Bank will also offer a dedicated fund to support the development of cybersecurity human resources in these nations.
Why does it matter?
The move comes amid growing concerns over China’s alleged involvement in cyber attacks against Japan. Around 200 Japanese organizations, including the Japan Aerospace Exploration Agency, are believed to have been targeted by Chinese cyber hackers. Reports suggest that Chinese military hackers have also accessed Japanese defence secrets.
The document highlights the perils of weaponising new and emerging technologies, such as the proliferation of armed uncrewed aerial systems, the ease of access to powerful tools that facilitate the spread of misinformation, disinformation, and hate speech, and the misuse of digital technology by terrorist groups.
Among the 12 sets of recommendations detailed in the Policy Brief as steps towards achieving more effective multilateral action for peace and security, one is dedicated to ‘preventing the weaponisation of emerging domains and promote responsible innovation’. Here, the Secretary-General calls for:
The development of governance frameworks, at the international and national levels, to minimise harms and address the cross-cutting risks posed by converging technologies.
The establishment of an independent multilateral accountability mechanism for malicious use of cyberspace by states, to reduce incentives for such conduct. Such a mechanism, the Secretary-General argues, could enhance compliance with agreed norms and principles of responsible state behaviour.
The conclusion, by 2026, of a legally binding instrument to prohibit lethal autonomous weapon systems that function without human control or oversight, and which cannot be used in compliance with international humanitarian law, and to regulate all other types of autonomous weapons systems.
The development of frameworks to mitigate risks relating to AI-enabled systems in the peace and security domain. The Secretary-General specifically mentions the International Atomic Energy Agency, the International Civil Aviation Organization and the Intergovernmental Panel on Climate Change as governance approaches that member states could seek inspiration from. He also invites member states to consider the creation of a new global body to mitigate the peace and security risks of AI while harnessing its benefits to accelerate sustainable development.
The development of norms, rules and principles around the design, development, and use of military applications of AI through a multilateral process, with the engagement of stakeholders from industry, academia, civil society and other sectors.
The development of a global framework regulating and strengthening oversight mechanisms for the use of data-driven technology, including AI, for counter-terrorism purposes.
The development of measures to address the risks involved in biotechnology and human enhancement technologies applied in the military domain.
The UK National Cyber Force (NCF) – a partnership between the country’s armed forces and the Government Communications Headquarters (GCHQ) – disclosed details about its approach to ‘responsible cyber operations to counter state threats, support military operations, and disrupt terrorists and serious criminals’.
The document outlines that central to NCF’s approach is the ‘doctrine of cognitive effect’ – using techniques that have the potential to sow distrust, decrease morale, and weaken the adversaries’ ability to plan and conduct their activities effectively with the goal of changing their behaviour. This can include preventing terrorist groups from publishing pieces of extremist media online or making it harder for states to use the internet to spread disinformation. NCF’s operations are covert, and the intent is sometimes that adversaries do not realise that the effects they are experiencing are the result of a cyber operation.
‘In an increasingly volatile and interconnected world, to be a truly responsible cyber power, nations must be able to contest and compete with adversaries in cyberspace,’ GCHQ director Jeremy Fleming said. The statement was published alongside a 28-page paper designed ‘to illustrate aspects of how the UK is being a responsible cyber power’. It did not elaborate on the specifics of those operations.
The biggest internet service provider in Russia, Rostelecom, reports that 2022 saw a record number of Distributed Denial of Service (DDoS) attacks against Russian organisations.
According to the Rostelecom report, its experts recorded 21.5 million critical web attacks aimed at approximately 600 organizations from various industries, including critical infrastructure, financial, and the private and public sectors. DDoS assaults accounted for 80% of all cyberattacks directed at Russian entities.
Other findings suggest that 30% of all observed cyberattacks in 2022 targeted the governmental sector, followed by 25% on financial organisations and services and 16% on educational institutions.
With more than 500,000 DDoS attempts found, Moscow was the most often targeted region in 2022. The largest documented attack was 760 GB/sec, while the longest DDoS lasted nearly three months.
Following ten months of monitoring indicators of the group’s operations, Unit 42 announced that it had identified, among other issues:
‘An unsuccessful attempt to compromise a large petroleum refining company within a NATO member nation on 30 August 2022’ (neither the country nor the company concerned was named).
‘An individual who appears to be involved with Trident Ursa threatened to harm a Ukraine-based cybersecurity researcher immediately following the initial invasion.’
‘Multiple shifts in [the group’s] tactics, techniques and procedures.’
In October 2022, Amnesty International Canada detected and investigated a sophisticated digital security breach. The organisation announced that, according to forensic experts at the cybersecurity firm Secureworks, the attack was likely orchestrated by ‘a threat group sponsored or tasked by the Chinese state’. The conclusion was based ‘on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups’. China’s embassy in Ottawa denied the allegations.
Microsoft has warned that Russian cyberattacks are likely to continue to target Ukrainian critical infrastructure, and may also target countries and companies that are providing Ukraine with vital supply chains of aid and weaponry. The company also noted that ‘cyber-enabled influence operations’ that target Europe are likely to be conducted in parallel with cyberthreat activity.
Microsoft also announced that its AI for Good Lab has created a Russian Propaganda Index (RPI) ‘to monitor the consumption of news from Russian state-controlled and sponsored news outlets and amplifiers’. Compared to other Western Europe countries, Germans read and watch significantly more Russian propaganda, the AI for Good Lab found.
The exercise involved 1000 cyber defenders from 26 NATO allies, Finland, Sweden, Georgia, Ireland, Japan, Switzerland, and the EU, as well as experts from business and academia.
Cyber Coalition 2022 was used to test and validate concepts, capture requirements, or explore disruptive technologies, in support of military operators and commanders. It included experiments on the use of artificial intelligence to help counter cyber threats, on the standardisation of cyber messages to foster information sharing, and on the exploitation of cyber threat intelligence to inform cyberspace situational awareness.
