Ukraine War: UK reveals £6m package for cyber defence
- Published
A UK programme has been secretly helping Ukraine defend against Russian cyber attacks, it can now be revealed.
Details of the £6m package had not been made public before to protect operational security, officials say.
Ukraine saw unprecedented attacks from a range of Russian intelligence services, according to those involved in the programme.
But Ukrainian defences - supported by its allies - helped it withstand many of the attempts to take down systems.
Russia has repeatedly dismissed claims it has carried out cyber attacks.
The targeting of Ukraine in cyber-space was believed to represent the most extensive compromise of a single government seen in history, those involved in defending Ukraine say.
Russian attacks came in waves, accelerating in the second half of last year as Moscow prepared for its invasion, security sources say.
The next wave saw it seeking to disrupt government ministries around January and February and then moving to a new, more opportunistic phase in recent months, according to the sources.
The UK had long worked with Ukraine on cyber defence but shifted to providing direct help after the invasion, it has emerged.
The assistance focused on working with industry partners to provide specialist forensic capabilities to detect and investigate attacks as well as offering hardware and other systems to bolster defences.
"We brought some of our expertise to bear on helping them defend from what has been a daily onslaught of cyber attacks from Russia since the start of the invasion," said Leo Docherty, Europe minister at the Foreign Commonwealth and Development Office (FCDO).
Support is provided through the FCDO, with officials saying it has led the way amongst allies in providing specialist expertise.
The US military's Cyber Command also recently revealed to the BBC the way in which it helped hunt Russians inside Ukrainian systems, although their team had withdrawn by the time of the February invasion.
Sources close to the UK programme, which includes extensive private sector support, say they saw waves of attacks, sometimes using innovative techniques.
Human agents
This included targeting satellite communications to get inside sensitive networks and using networks of human agents on the ground to gain access to key systems - infected USB devices were found which apparently were inserted into computers.
In some cases, there were attempts to knock ministries and infrastructure offline. But Russia did not initially appear to try and destroy telecommunications and energy sector networks, most likely because they were hoping to utilise them for their own purposes and "live off the land", according to one person involved.
Back in 2015, hackers linked to Russia were able to turn off a power station in the country for hours and after an initial delay, electricity systems have been increasingly targeted this year.
"We've seen on a daily basis now the terrible images of the way that the electrical grid in Ukraine has been battered by ballistic strikes and drone strikes from the Russians - they face the same threat and same challenge in the cyber domain," Mr Docherty told the BBC.
In the early months of the war, the teams supported by the UK are also said to have seen specific Russian targeting of databases looking for personal identifiable information at the village, district and city level, which may have been Russian intelligence services seeking to identify and locate officials.
The full range of hacking groups from all three of Russia's intelligence agencies have been spotted with military intelligence, the GRU, the most active, sources say.
The most advanced capabilities appear to have been kept back for targeting senior Ukrainian officials. One of the most stealthy groups, codenamed Turla and linked to Russia's FSB security service, was also seen in two locations thanks to mistakes it made. Meanwhile, Russia's foreign intelligence service, the SVR, has been continuing to spy on the US and European governments.
New Russian teams were also seen being mobilised along with greater innovation in the way malicious software was developed and deployed, those involved claim. There are signs though that the conflict has temporarily disrupted the Russian criminal world with splits between groups over the war, those involved in observing the dark web say.
Those involved say that despite effective defences, led by the Ukrainians and supported by allies, cyberspace remains heavily contested as Russia continues to seek new ways of carrying out its ambitions.
"The UK's support to Ukraine is not limited to military aid - we are drawing on Britain's world-leading expertise to support Ukraine's cyber defences," Foreign Secretary James Cleverly said. "Together, we will ensure that the Kremlin is defeated in every sphere: on land, in the air and in cyber space."
"The threat remains real and the UK's support package is undoubtedly bolstering Ukraine's defences further," said Lindy Cameron, chief executive of the National Cyber Security Centre, an arm of the intelligence agency GCHQ.
Related topics
- Published31 October 2022
- Published31 October 2022
- Published30 October 2022