Since an infamous 2015 attack on Ukraine’s power grid left part of Kyiv without electricity for hours, the US has been assisting Ukraine in strengthening its cyber defences.
This surge of US personnel in October and November, on the other hand, was in preparation for an impending war. People familiar with the operation described a sense of urgency in the hunt for hidden malware, the type that Russia could have planted and then left dormant in preparation for a devastating cyber-attack in tandem with a more conventional ground invasion.
Experts warn that Russia may still launch a devastating online attack on Ukrainian infrastructure, as Western officials have long predicted. However, years of effort, combined with the last two months of targeted bolstering, may explain why Ukrainian networks have fared so well.
Russian cyber-attacks have been mitigated because “the Ukrainian government has taken appropriate measures to counteract and protect our networks,” according to Victor Zhora, a senior Ukrainian government official. During the first ten days of the Russian invasion, nearly one million Ukrainian civilians sought refuge on the rail network.
If the malware had gone undetected and been activated, “it could have been catastrophic,” according to a Ukrainian official. Ukrainian police were being bombarded with so-called “distributed denial of service attacks.” These are simple attacks that bring down networks by flooding them with requests for small amounts of data.
Because these onslaughts frequently target commercially available software, major Western corporations have been forced to devote resources to defending Ukrainian networks. Microsoft has been running a Threat Intelligence Centre for months, directing its resources between Russian malware and Ukrainian systems.
