Some online fighters have moved away from the tactics previously used in the conflict. In the first phase of the war, Ukrainian hackers focused on attacks aimed at knocking Russian websites offline. Russian hackers targeted Ukrainian government websites in January, before the invasion, installing “wiper” malware that permanently wipes data from computer networks. More recently, Russian hackers have carried out attacks that could cut off electricity or military communications. (U.S. officials say many of those attempts failed.)
But the disclosure of personal data is more like an information war than a cyber war. It echoes Russia’s strategy in 2016, when hackers backed by a Russian intelligence agency stole and leaked data from individuals working for the Democratic National Committee and Hillary Clinton’s presidential campaign. Such hacks are aimed at embarrassing their targets and influencing political outcomes rather than destroying equipment or infrastructure.
Experts warn that the involvement of amateur hackers in the conflict in Ukraine could lead to confusion and further state-sponsored hacking, as governments seek to defend themselves and retaliate against their attackers.
“Some cybercrime groups have recently publicly pledged their support to the Russian government,” the Cybersecurity and Infrastructure Security Agency warned in an advisory on Wednesday. “These Russian-linked cybercrime groups have threatened to carry out cyber operations to seek revenge against the Russian government or the Russian people for their alleged cyber offenses.”
Distributed Denial of Secrets, or DDoSecrets, a nonprofit organization that publishes leaked material, was founded in 2018 and has published content from US law enforcement agencies, shell companies and right-wing groups. But since the start of the war in Ukraine, the group has been flooded with data from Russian government agencies and companies. It currently hosts more than 40 data sets related to Russian entities.
“There has been a lot of activity on that front since the beginning of the war,” said Lorax B. Horne, a member of DDoSecrets. “Since the end of February, it’s not all Russian data sets, but the overwhelming amount of data that we’ve been receiving.”
DDoSecrets acts as a clearinghouse, publishing data obtained from sources through an open submission process. The organization says its mission is transparency with the public and that it avoids political alliances. It is often described as the successor to WikiLeaks, another nonprofit group that has published leaked data from anonymous sources.