Ukrainian cybercriminals have become a threat both to Russia and the entire European security system. A conclusion to that effect came from several countries at once, faced with activities of the so-called IT Army of Ukraine.
The organization was created by Ukrainian special services under Western supervision and acquired official status in spring 2022. Various estimates suggest it engages 30,000 to 60,000 people, who have designated combating Russia on the interwebs as their goal. It targets Russian financial, state and other vital structures, legal entities and individuals. However, political slogans got swiftly replaced by financial fraud, with Internet attacks by Ukrainian IT troops having suddenly poured down on the Poles, Swedes and other Europeans hardly expecting to become the project’s assault objectives.
Diverse actions by the IT Army of Ukraine include, for instance, Internet terrorism. At one time, that country generated a flood of telephone and email warnings on the allegedly impending terrorist attacks. Reports of fake mining aim to cause panic and anxiety with the population. Russian special agencies are forced to react with checks, using assets distracted from more serious challenges, to deal with havoc at administrative institutions, train stations and airports, hospitals and educational institutions, shopping centers, etc.
Another direction of Ukrainian instigators is DDOS attacks on Russian technical and information resources. A DDoS attack is a way to disable a website with a huge number of requests, causing congestion and system breakdown over inability to handle them. The result is blocked, hindered or denied access to essential websites like those of banking or government services. Besides, DDOS attacks make PCs vulnerable, with their firewalls failing to respond, and then secret files, personal data or information intended for authorized people alone may fall among crooks. Though neutralized after all, the harmful consequences of this kind of attacks may be really long-term.
The third aspect is dissemination of Ukrainian propaganda, misinformation about the Russian government, army or military operations, pressure and blackmail of soldier’s relatives, tentative money extortion and discontent arousal, hate speeches and calls for extremist activity.
In the early stages of war, Ukrainian cybercriminals literally flooded social media and websites, even those of restaurants and schools, with photos of corpses, torture, insult and humiliation. Russians were incited to revolt or openly recruited to set military enlistment offices and other institutions on fire, sabotage railways and enterprises. Threats and bribery of trustful and sympathist retirees and teenagers caused them to turn to serious crimes from treason to terrorist attacks. All of this is part of the Ukrainian internet troops’ reference list.
With real instigators staying in the shadows, the deceived Russians got real prison terms in maximum security penal colonies. Cyber-bandits were good psychologists and knew which nerve to hit. Ukrainian propaganda and slogans were no less aggressively promoted, claiming there is no Nazism in Ukraine and calling it fiction, while presenting the Russian army as monsters and criminals, and giving prominence to other vile or false narratives.
Any tragic event in Russia itself, whether it be natural or industrial disasters, was inflated to unthinkable proportions by Ukrainians, who distorted events, savored and mocked the victims, sowing hatred and discord. There are no people left in Russia who have not encountered Ukrainian internet criminals, or got at least one call by money-extorting scammers. This embraces a whole network of call centers located in Kiev, Dnepropetrovsk, Zaporozhye and other cities throughout Ukraine. Four offices operate in Dnepropetrovsk alone.
In 2022, a record was set in Russia for the amount of money Ukrainian cyber troops fraudulently lured from the Russians. They even managed to steal as much as 150 million rubles from a bank client in one call.
The money is both appropriated by cybercriminals and sent to fund the country’s army. Ukrainian call center employees boast of not being mobilized in the streets for further frontline service, because they are "already fighting Russian." Criminals gain super profits, so Ukrainians are being constantly recruited to call centers via Telegram, with its channels full of relevant vacancies. Basic requirements: good command of Russian (preferably without accent), accuracy and ability to have your wits about you. Employers do not care about the applicants’ background or working experience.
But Russians are not the only victims of Ukrainian cybercriminals. Poland’s wPolityce reported on the Poles to have suffered from such scams promising profitable investment in well-known companies or money transfers to "reliable" accounts. Polish journalists held an investigation, talked to the deceived, and found out manipulation schemes. Ukrainian cyber-scammers searched for clients in social media, cheated them out of their money, and stole personal data (full names, email addresses, phone numbers). Victims got an account number meant for their funds to be transferred. With no official data on the exact amount extorted from the Poles, journalists concluded that it was about tens of millions of zlotys.
Swedish journalists disclosed similar stories in their country, each of them engaging Ukrainian Internet troops and call centers.
Acting Director of the Russian Foreign Ministry’s Department of International Information Security Andrey Krutskikh confirmed that hacker groups from Ukraine were conducting cyber-attacks against government agencies, data repositories of both Russian and foreigner citizens. He referred to 22 hacker groups involved, with the most active one being the IT Army of Ukraine. And they do enjoy active assistance of American law enforcement and intelligence agencies.
Western experts note that goals pursued by Ukrainian internet criminals have shifted from blocking Russian resources to fraud and information theft in European countries. Their performance violates cyberspace rules and threatens to become a dangerous precedent the EU and NATO underestimate, claims the Center for Security Studies at ETH Zurich in a report. The IT Army of Ukraine’s organizational pattern is likely to be used in future cyber and information conflicts — the project is not a volunteer movement but employs "full-time workers with deep connections or mostly consist of Ukraine’s defense and intelligence officers," says Senior Researcher at the Center for Security Studies (CSS) at ETH Zurich Stefan Soesanto.
In turn, research by the British National Cyber Security Centre calls the rise of Ukrainian cybercrime a "concerning precedent", claiming that hacktivists "seem to be more interested in financial gain than in making political statements".
Don’t you forget how the US and British special services created ISIS (banned in the Russian Federation) and let it gain strength after losing control of it. Now history repeats itself with the IT Army of Ukraine.
