Aaron Grunwald: Has there been an increase in cyberattacks against financial and other organisations since Russia invaded Ukraine?
Viktor Klymonchuk: There are reports which do confirm that there has been an increase in attacks which are more sophisticated, more organised, more in a group-like manner.
Today, any warfare in our usual comprehension--with tanks, etc.--is preceded by cyberattacks. And that’s what we have seen from open sources. There was an increase of attacks in the cyber domain before the physical intrusion of Russia into Ukraine. The number of distributed denial of service and phishing attacks increased in November and December.
More sophisticated attacks, like ransomware attacks organised by groups of people, have increased in Europe. In response, many state cybersecurity centres were put on alert well before February. This is the fact which we cannot ignore. For example, there was an attack on the Belgian ministry of defence, which can be attributed to a so-called zero-day vulnerability, in December ’21. On 14 January, 70 Ukrainian governmental sites were temporarily down. Some of them were heavily affected and some not heavily affected, but there was a large cyberattack on Ukrainian governmental sites.
Were banks and financial institutions also attacked?
I would say anything which could have been attacked, has been attacked. I don’t want to spell it out because there are specific bodies mandated to do this. It’s enough to say that over 70 infrastructures [were targeted]. I will say it was an unprecedented attack in history. Nevertheless, Ukrainian infrastructure has survived, banks are still operational.... On 29 January, there was a major attack on German oil terminals, which [forced] Shell to reroute the supply of oil.
Have the attacks in Belgium, Ukraine and Germany been attributed to Russian interests?
It’s a good question. So, initially, it was not attributed to anyone. But then, the German newspaper Handelsblatt [pointed to an] advanced persistent threat group which is called Blackcat. Reportedly--again, reportedly, because we don’t know their names--in several security bulletins they’re attributed to a Russian state-owned or Russian state-sponsored group. It started most actively in December 2021, meaning--again--everything was quite active before the physical intrusion into Ukraine.
Is the point to sow confusion, to distract people, to intimidate?
Well, we witnessed an attack on the Antwerp and Rotterdam ports.... the oil trading hub was heavily affected by the attack. Again, it’s up to respective services to comment and to make judgments to link or not to link this. But what we clearly see is that the critical infrastructure has been affected, has been under attack and affected heavily.
Economically, it triggered oil prices, which at that stage--December, January--was only in favour of one country, which was the Russian Federation, that’s for sure. I mean, that’s my personal point of view. Attacking oil processors in Germany and then the Rotterdam and Antwerp oil ports, to me, it’s quite obvious. It was not an attack on healthcare or, I don’t know, covid-related issues. It was clearly on critical infrastructure in Europe. The attacks took place. And some of them have been attributed to the newly emerging Blackcat group, which is attributed to the Russian Federation.
Prior to publication, Delano contacted the Russian embassy for comment, but did not hear back before press time. The Kremlin has previously denied any state involvement in cyberattacks.
This interview originally appeared in Delano magazine’s May 2022 print edition.