Russian citizens were shocked last month when a broadcast from Vladimir Putin appeared to show the president declaring martial law and announcing that Ukrainian troops had invaded the country.
“Ukrainian troops have been armed to the teeth by NATO and with the agreement and support of Washington, have invaded Kursk, Belgorod and Bryansk,” the president appeared to say in a speech broadcast on a number of radio stations and TV channels.
Yet the announcement was a hoax, powered by AI deepfake technology.
Hackers used computer algorithms to create Putin’s likeness and even synchronized his lips and voice to broadcast the bogus message.
Once upon a time, it would have been unthinkable to infiltrate Russia’s strictly censored state media to broadcast fake news in Putin’s image.
Yet cyber-attacks against Russian infrastructure have become increasingly common over the past 18 months.
Last week, Russian Railways said hackers had infiltrated its ticketing systems in a “massive” attack, the RIA Novosti newswire reported.
The state rail operator’s website and mobile app went offline, which the company blamed on “multiple attacks with a constantly changing vector and tools” coming from “all over the world”.
This was not the only large-scale cyber incident to hit Russia in recent months. The country’s interbank payment system briefly went down in June, disrupting money flows between financial institutions.
A group of Ukrainian-affiliated hackers took credit for taking the Bank of Russia’s telecom provider offline, preventing the central bank from communicating digitally with the outside world.
In April, another attack knocked out IT systems at Federal Customs, forcing inspectors to revert to pen and paper.
While they may seem minor in themselves, these attacks are contributing to Russia’s ongoing economic collapse.
Estimates from the OECD say Putin’s wartime economy will shrink by 2.5 per cent this year in a worst-case scenario, wiping about $56bn (£43bn) from his gross domestic product.
Alan Woodward, a security expert from the University of Surrey, points to the riotous community of Russian Telegram bloggers who describe every IT outage as evidence of Western-backed efforts to use Russia as a testing ground for cyber-attack techniques.
“Russia is somewhat hampered because it is one of two sides in the war and so is almost a ‘legitimate target’, provided the attacker is likely not a Western country,” he says.
This semi-official cyberwar against Russia is intensifying, with even Putin’s ministers admitting that the situation is getting worse for them.
Deputy Digital Minister Aleksandr Shoitov said two weeks ago: “The attacks are really getting harder. They also pretend to be [distributed denial of service] to attack. Hackers use rather difficult vulnerabilities.”
In a vain attempt to reassure ordinary Russians, he added: “But the country is holding up, we are working effectively, we are raising the front of our security.”
However, those reassurances may fall on deaf ears. Customs was “partially paralyzed” by April, according to local news reports.
A spokesperson for freight company Delko said only 44 vehicles, instead of the usual 200, were able to pass through customs checkpoints in the days following the attacks as officials struggled to cope with the normal volume of traffic.
Suspicion of these disruptions inevitably falls on Ukraine, but in recent weeks Russia has begun to point the finger at Volodymyr Zelensky’s Western allies.
US intelligence agencies were blamed by Russia in June for a major cybersecurity breach of Apple iPhones in the country.
The FSB spy agency, itself no stranger to hacking the West, said the US was behind an “intelligence operation” that compromised diplomats’ phones.
In response to the claims, Apple said: “We have never worked with any government to put a back door in an Apple product and never will.”
The founder of the Russian-based antivirus company Kaspersky described the “highly technologically advanced spyware” that technicians found on the phones of “senior and top management”.
“We believe the main reason for this incident is the proprietary nature of iOS,” Eugene Kaspersky said in June, referring to the Apple software that powers all iPhones.
“Detecting and analyzing such threats is made all the more difficult by Apple’s monopoly on investigative tools.”
However, a company spokesperson stopped short of pointing the finger at the West.
“We cannot speculate on the connection between specific individuals or groups and the cyber-attacks that have taken place,” the spokesperson said. “As a cybersecurity provider, our job is to make technical attributions and analyze attacks.”
Identifying the culprits behind such cyberattacks is difficult, made even more so by the inherently murky world of online disruptions.
Dr. Lukasz Olejnik, an independent geopolitical researcher, articulates what some Western cyber industry sources only allude to when it comes to cyber-attacks targeting Russian companies: “We cannot rule out the involvement of cyber operators from the Western state or Ukrainian services. revealed during this war, though.
“Western states are guaranteed to be active,” he adds, “but they prefer to focus on efficient use of such activities, not flashy defacements or data breaches… Some of [that] is definitely done by ‘amateur’ hackers.”
Rafe Pilling, director of the anti-threat unit at cybersecurity firm Secureworks, says verifying claims about who hacked what in a country like Russia is fraught with problems.
“You can check in advance if someone claimed to take something down or you can check if it wasn’t available [beforehand] but even that can be a bit difficult,” he says.
“In the same way that during a period when every IT outage in the West was a Russian cyber-attack, I imagine a similar climate exists or is developing in Russia regarding these groups,” Pilling added.
Ransomware poses the biggest threat to Russian companies, according to Kaspersky – a finding that echoes the trend in the UK and US, where the biggest threat comes from Russian-speaking cyber-gangs who use the malicious software to scramble their targets’ computer systems.
Customer requests to decrypt ransomware-encrypted files in January 2023 alone reached fever pitch, “more than half the requests of the entire past [three months] of 2022,” the company said.
Whoever is behind the ongoing digital attacks on Russia, one thing is clear: while the country was once seen as a cyber-attacker, the past year has shown that it is just as vulnerable as the West.