[Column] Learn from Ukraine’s Cyber Defense
The author is an editorial writer and senior researcher at the Institute for Military and Security Affairs at the JoongAng Ilbo.
“Be afraid and wait for the worst!” a text read as Ukrainian government websites and those of other institutions were hacked before Russia attacked its neighbor on February 24. The warning was posted on January 14. The digital offensive created terror across Ukraine before Russia carried out the invasion. It was a type of psychological warfare designed to unsettle and demoralize Ukrainians entering a war with a global power like Russia.
Russia stole personal information of Ukrainian government officials through hacking to threaten them with emails. The hackers then took down the websites of government offices and institutions to prevent them from warning the people of an impending invasion.
Ten months into the war, Ukraine has held its ground with assistance in weapons and defense resources from the United States and other members of the North Atlantic Treaty Organization (NATO). Meanwhile, under Western-led sanctions, Russia has been struggling amid shortages of supplies such as artillery. Russia is currently bombing energy infrastructure in Ukraine to cause more pain to civilians in the winter.
Cyber warfare has become a crucial component of the war between Russia and Ukraine. We have never seen such a methodical application of cyber warfare.
The war in cyberspace puts South Korea on alert in its confrontation with North Korea, a country with the world’s second or third best cyber warfare capabilities. As South Korea is arguably the world’s most connected society, heavily dependent on the internet and IT infrastructure, the country could suffer colossal damage if it does not fully prepare itself against cyberattacks from North Korea.
Russia planned a three-stage hybrid war with Ukraine, starting with cyber attacks and a propaganda campaign before launching full-scale combat operations. In the first step, it destabilizes the administrative network through electronic intrusion and hacking. In the second phase, it spreads disinformation through manipulation of the IT network in Ukraine to demoralize the Ukrainian people. It then deploys troops and ends the war as quickly as possible.
The cyberattack had three missions: first, to disconnect and crash Ukraine’s power and telecommunications networks within 24 hours; second, to render Ukraine’s judicial system dysfunctional in order to prevent law enforcement from arresting pro-Russian citizens or agents; third, to disable the websites of the Office of the President, the Joint Chiefs of Staff, the Legislature, and the Cabinet to interfere with war operations. If North Korea invades South Korea, it may use such tactics in almost the same way.
Russia carefully planned the cyber operation. According to AO Kaspersky Lab, Russia planted a destructive malware called WhisperGate from December 21 to 23 in 2021. Five days later, a similar data-wiping malware called HermeticWiper broke into systems in Ukraine.
On January 13 this year, Russia spread WhisperGate to some networks of government offices in Ukraine. The attack took effect the next day. Government websites were manipulated. Mobile apps and ATM systems crashed.
Russia’s advanced persistent threat (APT) groups even attacked foreign missions in Ukraine. In mid-February, Ukrainian banking and military websites went down under Russia’s distributed denial-of-service (DDoS) attacks. Russia has denied any involvement.
On February 23 – a day before the war – a swarm of malware was unleashed to invade government, military, financial institutions, airlines and IT service networks. Fake news texts were sent out to Ukrainian citizens. On the day of the February 24 invasion, most of the websites of Ukrainian government networks were subjected to ruthless hacking. Local media organizations and European government officials fell victim to DDoS attacks and phishing campaigns.
In mid-March, Russia hacked into a Ukrainian TV channel to broadcast a statement purporting to be from Ukrainian President Volodymyr Zelensky calling on the people to surrender and lay down their arms. Chinese state media reported the news and were suspected of aiding Moscow’s propaganda campaign.
But Ukraine did not give up easily after the extensive cyber attack. The country learned from Russia’s cyber attack in 2014, when it invaded Crimea. The Ukrainian government has since moved all sensitive data and servers to secure locations.
The Ukrainian government also assembled a volunteer digital army. Its hacktivists moved to attack the Russian government and institutions. They hacked the rail network of Belarus, an ally of Russia, to impede the movement of Russian ground forces. The hackers went so far as to disrupt the telecommunications service of Russia’s Black Sea Fleet and obtained sensitive files from Russia’s FSB security agency.
The US and NATO supported Ukraine’s defense on the cyber front. The US government offered a “cybershelter” to protect Ukrainian websites facing DDoS attacks. The US Department of Defense responded to the request in just 15 minutes and installed defense software on the Ukrainian police server within eight hours. Such quick help would not have been offered if Ukraine had not been thoroughly prepared.
Microsoft has been running an intelligence center for months to keep an eye on contamination in Ukraine’s IT system. Among others, Poland, Estonia and the Netherlands sent rapid cyber response teams under NATO guidelines. SpaceX has delivered Starlink terminals to Ukraine to help normalize social media services based on the satellite network.
Global hacktivists such as Anonymous also joined the cyber war. After forming an alliance against Russia, they hacked into 90 of Russia’s 100 key databases to degrade Russia’s IT systems. The Russian cyberattack, which appeared successful at the start, turned out to be not so successful. Moscow only invited a series of counterattacks from Ukraine.
As intelligence warfare flopped, Russia’s military operation also faced setbacks. The morale of Ukrainian military and civilians was lifted. Russian tanks and armored vehicles were stopped in the face of strong resistance from Ukrainians in many parts of the country.
What if South Korea is subjected to a full-scale cyberattack from North Korea? Kim Jong-un has compared cyber capabilities to an “all-purpose sword as effective as nuclear weapons.” His declaration means Pyongyang could deploy cyber artillery along with weapons of mass destruction such as nuclear missiles against South Korea.
Indeed, Pyongyang has attempted several hacking campaigns against the South Korean government, military, financial institutions, media organizations, defense firms and individuals since 2009. It is suspected of stealing cryptocurrencies to finance its weapons development. The country has been accused of the theft of more than $600 million in digital assets this year alone.
The Yoon Suk-yeol administration and military authorities must strengthen national-level preparedness against cyberwarfare. They must prepare detailed guidelines for dealing with mass-scale cyber provocations from North Korea. Cyber resilience should be improved to minimize damage. Learning from the Ukrainian experience, we must seek a closer alliance with the US, Japan and others, not to mention forming a civilian cyber IT army.
A legal basis must be set for national cyber security. Since the related decrees are at the presidential level, there is a limit to their implementation. A private-public intelligence sharing system must be established to effectively defend civilians against cyber threats from North Korea. The head of cyber command in our military must also be raised to the three-star general level to improve operational capabilities.