{
	"id": "ea3ce152-6a44-45b4-9f45-80b47508f503",
	"created_at": "2026-04-06T00:10:17.261717Z",
	"updated_at": "2026-04-10T13:12:29.117638Z",
	"deleted_at": null,
	"sha1_hash": "b0f84b4292c980ba0e03f3d0776322f345268dd0",
	"title": "Five Things You Need to Know About the Cyberwar in Ukraine",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 895892,
	"plain_text": "Five Things You Need to Know About the Cyberwar in Ukraine\r\nBy Radu CRAHMALIUC\r\nArchived: 2026-04-05 19:33:30 UTC\r\nEinstein once said he doesn't know what weapons will be used for the next World War, but he fears the war after it\r\nwill be fought with sticks and stones. A new world confrontation is highly unlikely at this moment but the\r\nweapons used are as high-tech as it gets as some of them use code instead of gunpowder.\r\nAs the first Russian troops started rolling into Ukraine, cybersecurity experts everywhere braced for the worst --\r\nsome of the biggest cybercrime gangs in the world are known to have close ties with the Russian government and\r\noperate from so-called “hacker heavens” in the ex-Soviet space.\r\nThe fears came to life when the Conti ransomware group publicly pledged its support to the Russian cause.\r\nSeveral Ukrainian banks and public institutions were hit by DDoS attacks and data-erasing malware, but,\r\nretaliatory attacks against western public institutions and companies have remained scarce. For now.\r\nhttps://www.bitdefender.com/blog/hotforsecurity/five-things-you-need-to-know-about-the-cyberwar-in-ukraine/\r\nPage 1 of 5\n\nIs this a sign that most organizations have correctly assessed the danger and strengthened their security, or is it just\r\nthe calm before the storm?\r\nHere’s what we know so far:\r\n1.     For now, Ukraine is the main target\r\nMost of the cyberattacks so far have focused strictly on hitting Ukrainian organizations, in at least three separate\r\nwaves:\r\non Jan. 14, 70 government websites were defaced and taken offline, including the Ministry of Foreign\r\nAffairs and the Security and Defense Council. However, according to the reports no data was leaked, and\r\ndowntime lasted a few hours. Almost at the same time, the Microsoft Threat Intelligence Center (MSTIC)\r\nreported active malware, dubbed WhisperGate, that was made to look like ransomware but lacked a\r\nrecovery component. This meant it was actually designed to destroy data.\r\non Feb. 15, Ukraine's two largest banks were taken offline by a massive Distributed Denial of Service\r\n(DDoS) attack that also affected mobile apps and ATMs.\r\non Feb. 23, another DDoS attack took out military and government sites while a data wiper called\r\nHermeticWiper was detected on hundreds of computers belonging to various Ukrainian organizations.\r\nSimultaneously, MSTIC detected a trojan dubbed FoxBlade that can surreptitiously weaponize victims’\r\ncomputers and use them in DDoS attacks.\r\nDespite the obvious interest in disrupting the Ukrainian infrastructure there’s no guarantee malware like\r\nWhisperGate, HermeticWiper or FoxBlade can’t spill over to computers in other countries too. Additionally, as\r\nmore countries join the sanctions against Russia, Russian-backed hackers could shift their focus and retaliate.\r\n2.     Ukraine is fighting back\r\nhttps://www.bitdefender.com/blog/hotforsecurity/five-things-you-need-to-know-about-the-cyberwar-in-ukraine/\r\nPage 2 of 5\n\nKremlin-backed hackers may have had the benefit of surprise, but the cyberwar isn’t one-sided at all. On the\r\ncontrary, after the initial shock, the Ukrainian government called for the assembly of a volunteer IT army that\r\nquickly started retaliating: the hacker collective Anonymous took down the Belarussian Railways internal network\r\nand almost 300 company websites in Russia. Conti’s internal messages and source code were leaked, the Kremlin\r\nsite was hacked, the Russian Nuclear Institute and the Russian Space agency suffered data breaches and Russian\r\ntv channels were hacked to show real footage from Ukraine.\r\n3.     It’s not just about companies\r\nThere’s a general belief state actors only go after companies and public institutions, but that’s not the case.\r\nSometimes they also target regular people. In late February, the national Computer Emergency Response Team for\r\nUkraine issued a warning of a major phishing campaign against military personnel. Even more worrying,\r\nEuropean officials were targeted with malware in an apparent attempt to disrupt efforts to help Ukrainian refugees.\r\nhttps://www.bitdefender.com/blog/hotforsecurity/five-things-you-need-to-know-about-the-cyberwar-in-ukraine/\r\nPage 3 of 5\n\nWhether they’re looking to gather intelligence, phish for credentials or obstruct humanitarian efforts, state actors\r\ndon’t discriminate when it comes to targeting regular people. Even if you’re not directly involved in the current\r\nsituation, it’s always a good idea to protect your devices from malware, update them regularly, use strong\r\npasswords and watch out for scams and phishing emails.\r\n4.     There are third parties taking advantage of the situation\r\nResearchers at Bitdefender Labs picked up waves of fraudulent and malicious emails exploiting the humanitarian\r\ncrisis and charitable spirit of people across the globe. The conflict in Ukraine is a gold mine for scammers and\r\ncriminal groups that aren’t necessarily politically involved but love making money. One of the preferred methods\r\nis using fraudulent emails asking recipients to donate money. Scammers are impersonating the Ukrainian\r\ngovernment, international humanitarian agency Act for Peace, UNICEF, and the Ukraine Crisis Relief Fund to ask\r\nfor crypto donations.\r\nhttps://www.bitdefender.com/blog/hotforsecurity/five-things-you-need-to-know-about-the-cyberwar-in-ukraine/\r\nPage 4 of 5\n\n5.     Cyberwar could be the next cold war\r\nThe lack of devastating attacks on western targets on the scale of Colonial Pipeline or Kaseya doesn’t mean the\r\ndanger has passed. Even if the military conflict ends, the cyber conflict is likely to persist for years, and all parties\r\ninvolved, whether government agencies, private companies, or regular users, must come to terms with it.\r\nWhether we like it or not, cyberattacks used for sabotage or spying aren’t going away anytime soon for a number\r\nof reasons: they’re cheap and efficient, they can be launched from anywhere in the world, they bring in good\r\nmoney, state responsibility is hard to prove and, most importantly, the number of potential targets is virtually\r\nunlimited.\r\nFor more tips, please check our dedicated cybersecurity guide in armed conflict zones.\r\nIn response to the military crisis and increased cybercriminal activity, Bitdefender \u0026 the Romanian National\r\nCyber Security Directorate (DNSC) are offering free cybersecurity protection for any Ukrainian citizen,\r\ncompany or institution, as long as necessary.\r\nSource: https://www.bitdefender.com/blog/hotforsecurity/five-things-you-need-to-know-about-the-cyberwar-in-ukraine/\r\nhttps://www.bitdefender.com/blog/hotforsecurity/five-things-you-need-to-know-about-the-cyberwar-in-ukraine/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bitdefender.com/blog/hotforsecurity/five-things-you-need-to-know-about-the-cyberwar-in-ukraine/"
	],
	"report_names": [
		"five-things-you-need-to-know-about-the-cyberwar-in-ukraine"
	],
	"threat_actors": [],
	"ts_created_at": 1775434217,
	"ts_updated_at": 1775826749,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b0f84b4292c980ba0e03f3d0776322f345268dd0.pdf",
		"text": "https://archive.orkl.eu/b0f84b4292c980ba0e03f3d0776322f345268dd0.txt",
		"img": "https://archive.orkl.eu/b0f84b4292c980ba0e03f3d0776322f345268dd0.jpg"
	}
}