Exclusive-Russian hackers seek war crimes evidence, Ukraine cyber chief says
2023.09.22 14:23
© Reuters. Yurii Shchyhol, Head of the State Service of Special Communication and Information Protection of Ukraine, speaks during an interview with Reuters, amid Russia’s attack on Ukraine, in Kyiv, Ukraine September 22, 2023. REUTERS/Ivan Lyubysh-Kirdey/File Photo
By Tom Balmforth and James Pearson
KYIV/LONDON (Reuters) – Russian spies are using hackers to target computer systems at law enforcement agencies in Ukraine in a bid to identify and obtain evidence related to alleged Russian war crimes, Ukraine’s cyber defence chief told Reuters on Friday.
The hackers, working across Russia’s foreign, domestic and military intelligence agencies, have stepped up digital intrusion campaigns targeting the Ukrainian Prosecutor General’s office and departments documenting war crimes, said Yurii Shchyhol, head of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), which handles cyber defence in the embattled country.
“There’s been a change in direction, from a focus on energy facilities towards law enforcement institutions which had previously not been targeted that often,” Shchyhol said.
“This shift, towards the courts, prosecutors and law enforcement units, shows that hackers are gathering evidence about Russian war crimes in Ukraine” with a view to following Ukraine’s investigations, he added.
The espionage activity will be flagged in an upcoming SSSCIP report, due to be published on Monday.
The report, a copy of which was reviewed by Reuters, says hackers were also trying to gather intelligence on Russian nationals arrested in Ukraine, with a view to “help these individuals avoid prosecution and move them back to Russia”.
“The groups we’ve identified as being engaged in this activity are part of Russia’s GRU and FSB intelligence agencies,” Shchyhol said.
Russia’s Foreign Ministry and the Federal Security Service (FSB) did not immediately respond to written requests from Reuters for comment. Russia’s GRU military intelligence agency could not be reached for comment.
Shchyhol declined to identify exactly which units had been targeted by the hacking campaign, citing security concerns. The number of cybersecurity incidents documented by the SSSCIP grew by 123% in the first six months of this year compared with the second half of 2022, he added.
Russian hackers have prioritised targeting government bodies and trying to gain access to their e-mail servers, Shchyhol said, without elaborating. Reuters was unable to independently verify any of the hacks detailed by Shchyhol and the report.
On Tuesday the Netherlands-based International Criminal Court (ICC), said it had detected “unusual activity” on its computer network at the end of last week. It was still not clear on Friday who was behind the hack.
The court made headlines in March when it issued an arrest warrant for Russian President Vladimir Putin on suspicion of illegally deporting children from Ukraine. The Kremlin rejects the accusations and the court’s jurisdiction.
HYBRID WAR
Ahead of Russia’s invasion of Ukraine in February 2022, Western intelligence agencies warned of potential cyberattacks which could spread elsewhere and cause “spillover” damage on global computer networks.
While there has been little evidence of spillover to date, hacks have been regularly leveraged by Russia alongside its military operations.
An attempt by a Russian intelligence hacking group dubbed “Sandworm” to launch a destructive cyberattack against Ukraine’s electricity grid was thwarted in April, 2022.
Shchyhol said his department saw evidence that Russian hackers were accessing private security cameras within Ukraine to monitor the outcome of long-range missile and drone strikes.
“We have documented several attempts to gain access to video cameras near the facilities they attacked, and to systems that provide information about the stability of the energy network,” he said.
Russia attacked Ukrainian energy infrastructure with a winter air campaign last year that caused sweeping power cuts for millions of people. Shchyhol said energy infrastructure was also targeted with cyber attacks and that he expected those attacks to happen again this winter.
“You need to understand that the cyber war will not end even after Ukraine wins on the battlefield,” Shchyhol said.