Ukrainian official touts country’s wartime cyber intelligence efforts
KYIV — Intelligence gathered in cyberspace is helping Ukraine understand Russia's plans and stop the enemy from carrying them out, according to the country’s top cyber and information security official.
Illia Vitiuk, head of cybersecurity at the Security Service of Ukraine (SBU), said Thursday that hackers have been getting into Russian systems to find out the Kremlin’s targets, how the enemy’s troops move, and how Russia avoids Western sanctions.
For example, the SBU recently acquired intelligence about Russia's attempt to obtain, through other countries, thousands of microchips for Iranian Shahed drones that are used to attack Ukraine. "With the help of our partners, we successfully blocked this shipment," Vitiuk said at the iForum conference in Kyiv.
Before hacking into enemy systems, Ukrainian specialists often collect open-source intelligence: Vitiuk said they figure out the infrastructure, IP addresses and operating systems of their targets to understand how to exploit vulnerabilities and gain access to their devices.
“Cyber intelligence helps us to obtain top-secret enemy documents,” Vitiuk said. “In the past, we had to recruit a spy in the enemy's country to get this kind of material, which was risky and time-consuming.”
Left to right: Yanina Korniienko, an investigative journalist at Slidstvo.info; Artem Starosiek, CEO at open-source intelligence agency Molfar; and Illia Vitiuk, head of cybersecurity at the Security Service of Ukraine appear at the iForum conference. Image: Daryna Antoniuk / The Record
Leaked Russian documents also play an important role in Ukraine’s cyber intelligence efforts, Vitiuk told Recorded Future News.
He pointed out the recent hack of MosgorBTI — a Russian website that gathers information about property owners in Moscow — as an example of a successful data leak. “Now we know what properties Russian politicians, military, and special services own,” Vitiuk said.
He didn't disclose the hacking group responsible for the MosgorBTI breach. "We'll know who's responsible for cyberattacks on Russia after the war," he added.
Rise of the chatbots
Another source of intelligence is chatbots running on the Telegram messenger, Vitiuk said.
At the beginning of the war, the Ukrainian government created the bots to encourage citizens to share details about Russian military movements, identify collaborators and report on traitors assisting Russian troops in targeting Ukraine with missiles.
Ukrainian analysts gather this information, verify its accuracy, compare it with data from other sources and then provide it to the Ukrainian military or intelligence services. Information from the bots helped Ukraine destroy hundreds of units of enemy equipment, Vitiuk said.
Russia is also trying to spy on Ukraine, of course. At the beginning of the war, Russian hackers focused on using wipers to destroy Ukrainian systems. Now they are mostly employing malware to gather information from private messengers, emails, and devices, said Yurii Shchyhol, head of Ukraine’s State Service of Special Communications and Information Protection of Ukraine (SSSCIP), in an interview with the Recorded Future News in May.
Just this week Ukrainian security services said they prevented an attempt by Russian state-controlled hackers to break into the battlefield management system used by the Ukrainian military.
The attack was directed toward gaining access to sensitive information related to the Ukrainian military's operations, whereabouts, equipment and movements, the SBU said.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.