Nearly one year ago, Russia launched an attempted full-scale invasion of Ukraine.

From the start of this full-scale invasion, offensive and defensive cyber operations have played a prominent role in the conflict.

To provide more insights into the role of cyber, Google has released a report entitled: Fog of war: How the Ukraine conflict transformed the cyber threat landscape.

The report is based on analysis from Google’s Threat Analysis Group (TAG), Mandiant, now part of Google Cloud, and Google Trust & Safety.

You can access the report here.

Insights I found compelling:

+ Google has donated 50,000 Google Workspace licenses for the Ukrainian government, a rapid Air Raid Alerts system for Android phones in Ukraine, support for refugees, businesses, and entrepreneurs, and measures to pause monetization indefinitely and significantly limit recommendations globally for several Russian state news media across our platforms.

+ The Ukrainian government is under near-constant digital attack.

+ The level of collective defense  between governments, companies, and security stakeholders worldwide  is unprecedented.

+ This report outlines three significant observations: (1) Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results; (2) Moscow has leveraged the full spectrum of information

operations — from overt state-backed media to covert platforms and accounts — to shape public perception of the war, and (3) The invasion has triggered a notable shift in the Eastern European cybercriminal ecosystem that will likely have long-term implications for both coordination between criminal groups and the scale of cybercrime worldwide.

+ Together, these observations point to several broader assessments for the security community from now on: (1) Russian government-backed attackers will continue to conduct cyber attacks against Ukraine and NATO partners to further Russian strategic objectives; (2) Moscow will increase disruptive and destructive attacks in response to developments on the battlefield that fundamentally shift the balance — real or perceived — towards Ukraine; and (3) Russia will continue

to increase the pace and scope of information operations to achieve the objectives described above, particularly as we approach critical moments like international funding, military aid, domestic referendums, and more.

+ It is clear that cyber will now play an integral role in future armed conflict, supplementing traditional forms of warfare.

+ Since the war began, Google has seen an over 300% increase in Russian phishing campaigns directed against users in NATO countries in 2022 (compared to a 2020 baseline).

+ The GRU’s most versatile operators do it all: From intelligence collection, destructive network attacks, and contributing to information operations.

+ The war caused Chinese government-backed attackers to shift their focus towards Ukrainian and Western European targets to gather information on the conflict.

+ Google has seen a resurgence of hacktivism and Russian intelligence connection to hacktivists.

+ Information operations (IO) targeting domestic Russian audiences have seen a spike in shoring up support in Russia for the war and praising Wagner Group.

+ During the war, Google has observed a pattern of concurrent disruptive attacks, espionage, and IO — likely the first instance of all three being conducted simultaneously by state actors in a conventional war.

+ The cybercriminal ecosystem has been disrupted, with some groups declaring political allegiances, others splitting into geopolitical lines, and prominent operators shutting down.

If you need help overcoming the fog of war with actionable geopolitical intelligence, Caracal is here to help.

Enjoy the ride + plan accordingly.

-Marc

ITK Daily is geopolitical business intelligence for senior executives with global ambition.

ITK Daily curates news @ the intersection of globalization, disruption, politics, culture, + sport and provides actionable insights and sharp commentary.