How the Cybercrime Landscape has been Changed following the Russia-Ukraine War

Elena Koldobsky, Threat Intelligence Analyst

On February 24, 2022, Russian forces invaded Ukraine, following years of tension between the two countries. The notion of war led multiple countries to speculate that Russia may use cyber attacks against Ukraine and supporting it western organizations and companies, with the US sending “top security officials” to help NATO prepare for Russian cyberattacks. Surprisingly, expectations for severe cyber-attacks on Ukraine and Europe turned out to be overestimated, as Russia refrained from large-scale attacks, and instead used distributed denial-of-service and wiper attacks on Ukrainian governmental institutions, infrastructure and telecommunications companies, and more. To defend itself, Ukraine raised a volunteer “IT Army”, which, together with hacktivists organizations from across the world, is targeting Russian companies and organizations to this day.

The winds of change have not passed over the cybercrime underground. From new illicit services that have never been available before, through war-related discussions appearing on apolitical cybercrime forums, to a hacktivist group using a famous Russian ransomware gang’s source code to target Russian companies – the cybercrime landscape has altered beyond recognition.

This report reviews the various changes that occurred in the cybercrime underground following Russia’s invasion of Ukraine. It provides a unique window into the delicate geopolitics of cybercrime, demonstrating how real-life emergencies influence services and opportunities and generate new trends.