[1/2]Yuri Shehul, head of the State Service for Special Communications and Information Protection of Ukraine, speaks during an interview with Reuters amid the Russian attack on Ukraine, in Kiev, Ukraine on September 22, 2023. REUTERS/Ivan Lyubich Kirdy Obtaining licensing rights
KYIV/LONDON (Reuters) – Russian spies are using hackers to target computer systems at Ukrainian law enforcement agencies in an attempt to identify and obtain evidence related to alleged Russian war crimes, the head of Ukraine’s cyber defense told Reuters on Friday.
Yuri Shehol, head of Ukraine’s State Service for Special Communications and Information Protection, said the hackers, working through Russia’s foreign, domestic and military intelligence agencies, have intensified digital hacking campaigns targeting the Ukrainian Prosecutor General’s Office and departments that document war crimes. SSSCIP), which handles cyber defense in the besieged country.
“There has been a change in direction, from focusing on energy facilities to law enforcement institutions that previously were not targeted as much,” Shihol said.
He added, “This shift towards courts, prosecutors and law enforcement units shows that hackers are collecting evidence about Russian war crimes in Ukraine” with the aim of pursuing investigations in Ukraine.
The espionage activity will be flagged in an upcoming SSSCIP report, due to be published on Monday.
The report, a copy of which was seen by Reuters, says that the hackers were also trying to collect intelligence information about Russian citizens arrested in Ukraine, with the aim of “helping these individuals avoid prosecution and return them to Russia.”
“The groups we have identified as being involved in this activity are part of the Russian intelligence agencies GRU and FSB,” Shehol said.
The Russian Foreign Ministry and the Federal Security Service did not immediately respond to written requests for comment from Reuters. The Russian military intelligence agency, GRU, could not be reached for comment.
Shehol declined to specify exactly which units were targeted by the hacking campaign, citing security concerns. He added that the number of cybersecurity incidents documented by SSSCIP rose by 123% in the first six months of this year compared to the second half of 2022.
Without going into details, Shihol said that Russian hackers prioritized targeting government agencies and trying to access their email servers. Reuters was unable to independently verify any of the hacks mentioned by Chihol and the report.
The International Criminal Court, based in the Netherlands, said on Tuesday that it had detected “unusual activity” on its computer network last weekend. It was not clear as of Friday who was behind the hack.
The court made headlines in March when it issued an arrest warrant for Russian President Vladimir Putin on suspicion of illegally deporting children from Ukraine. The Kremlin rejects these accusations and the court’s jurisdiction.
Hybrid warfare
Before Russia’s invasion of Ukraine in February 2022, Western intelligence agencies warned of potential cyberattacks that could spread elsewhere and cause “spillover” damage to global computer networks.
While there is little evidence of the spread of these attacks so far, Russia regularly exploits hacks alongside its military operations.
An attempt by a Russian intelligence hacking group dubbed “Sandworm” to launch a devastating cyberattack on Ukraine’s power grid in April 2022 was thwarted.
Shihol said his department saw evidence that Russian hackers gained access to private security cameras inside Ukraine to monitor the results of long-range missile strikes and drone attacks.
“We documented several attempts to access video cameras close to the facilities they attacked, and to systems that provide information about the stability of the power grid,” he said.
Russia attacked Ukraine’s energy infrastructure with a winter air campaign last year that caused massive power outages for millions of people. Shihol said energy infrastructure has also been targeted by cyberattacks, and he expects those attacks to happen again this winter.
“You have to understand that the cyber war will not end even after Ukraine wins on the battlefield,” Shihol said.
(Reporting by Tom Balmforth in Kiev and James Pearson in London – Preparing by Muhammad for the Arabic Bulletin) Editing by Mike Collett-White and Gareth Jones
Our standards: Thomson Reuters Trust Principles.
“Internet practitioner. Social media maven. Certified zombieaholic. Lifelong communicator.”