Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape

Authors

Threat Analysis Group (TAG)
Mandiant
Google Trust & Safety

Date of this Version

2-2023

Document Type

Article

Citation

https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/

Abstract

One year ago, Russia invaded Ukraine. Since then, tens of thousands of people have been killed, millions of Ukrainians have fled and the country has sustained tens of billions of dollars worth of damage. Importantly, this marks the first time that cyber operations have played such a prominent role in a world conflict.

Since the war began, governments, companies, civil society groups, and countless others have been working around the clock to support the Ukrainian people and their institutions. At Google, we support these efforts and continue to announce new commitments and support to Ukraine. This includes a donation of 50,000 Google Workspace licenses for the Ukrainian government and a rapid Air Raid Alerts system for Android phones in Ukraine, support for refugees, businesses, and entrepreneurs, and measures to indefinitely pause monetization and significantly limit recommendations globally for a number of Russian state news media across our platforms. One of the most pressing challenges, however, is that the Ukrainian government is under nearconstant digital attack. That’s why one of our most important contributions to date has been our ongoing work to provide cybersecurity assistance to Ukraine. Shortly after the invasion, for example, we expanded eligibility for Project Shield, our free protection against distributed denial of service attacks (DDoS), so that Ukrainian government websites and embassies worldwide could stay online and continue to offer their critical services. We continue to provide direct assistance to the Ukrainian government and critical infrastructure entities under the Cyber Defense Assistance Collaborative — including compromise assessments, incident response services, shared cyber threat intelligence, and security transformation services — to help the Ukrainian government detect, mitigate, and defend against cyber attacks. In addition, we continue to implement protections for users and track and disrupt cyber threats to help raise awareness among the security community and high risk users and maintain information quality. This level of collective defense — between governments, companies, and security stakeholders across the world — is unprecedented in scope. It is important then to pause and reflect on this work and our learnings one year later, and share those with the global security community to help prepare better defenses for the future. This report outlines our analysis of these issues and includes the following three observations, informed by over two decades of experience managing complex global security events.