The news is filled with horrific images of the physical destruction of Ukraine by Russian troops and missiles. What is missing from the picture is the untold story of the battle inside the cyber and information domains. US intelligence officials have known that the Kremlin has been using “soft” and “hard” tactics to target Ukrainian military, government, and private sites for years. Russia’s attacks on the sovereign nation’s critical infrastructure, including government websites, affiliated organizations, media, and critical financial infrastructure have intensified since the start of President Putin’s current “special military operation,” according to Jamestown Foundation’s Alla Hurka. The Security Service of Ukraine (SSU) announced in late March its “cyber units managed to shut down an inter-regional network of five enemy bot farms with the capacity to direct over 100,000 fake social media accounts,” according to Hurka. The Kremlin is using this invisible bot army to support the war in Ukraine with a highly organized and unprecedented disinformation campaign.
One goal of the cyber attacks is to spread disinformation across a wide sector of the Ukrainian population to incite panic and disrupt the country’s effort to combat Russian aggression. Stories include false narratives about Ukraine’s top leadership. A series of fallacious reports suggested President Zelensky fled the country with his family, leaving the citizenry to fend for themselves. Another reportedly provided false data on the morale of Ukrainian troops indicating they were defecting and soon would be defeated by superior Russian forces. Another provided information that Ukraine over-inflated the number of civilians killed in the country. Repeating the pattern casts doubts into the minds of civilians in Ukraine and in other countries, including the United States. Social media accounts also are filled with suggestions by Russian trolls that “the West doesn’t really know what is happening” or the identity of the bad guys. The SSU acknowledged in a recent report that the network is “supervised by the Russian special services, used various social networks, including those banned in Ukraine, to carry out large-scale information sabotage activities to destabilize the socio-political situation in various regions of Ukraine.”
In a physical search of the bot farm sites conducting cyber warfare, law enforcement officers seized numerous pieces of special equipment, including around “100 GMS gateways, 10,000 mobile phone SIM cards of various mobile operators used to disguise the activities of the bot farms, and an unspecified number of computers and laptops used to run cyber operations,” according to the SSU. Three weeks ago, Ukraine eliminated a bot farm that sent 5,000 cellphone text messages to Ukrainian military and law enforcement personnel pushing them to defect and surrender to the Russians. As fast as Ukraine can identify and neutralize a Russian cyber campaign another springs up to replace it. Artem Dekhtyarenko, a spokesman for the Ukrainian Security Service said “The most interesting thing is that all the equipment was placed in Dnipropetrovsk region, but remotely controlled from the Russian Federation.”
More than 7,000 cell phones inside Russia are part of Putin’s ongoing disinformation campaign and includes apps such as Telegram, WhatsApp, Facebook, and Viber. The SSU points out in a recent report that one bot farm can create over 10,000 fake social media accounts in a month using Russian domains forbidden in Ukraine, while also conducting attacks on systems of critical infrastructure facilities, sending malware phishing emails and executing distributed denial of service (DDoS) attacks on government information resources. Farid Safarov, Ukraine’s deputy minister of energy for digital development, digital transformation, and digitization, estimated that the number of cyberattacks against Ukraine’s energy sector during the first 40 days of the ongoing war exceeded 200,000. Hurka points out that during the week of April 4 alone, there were “approximately 20,000 cybersecurity incidents.” Over 50 of the recorded attacks were directed at Ukraine’s electric supply. In 2021, there were only two such recorded attempts by foreign entities. These attacks aimed to damage high-voltage electrical substations, computers, and networking equipment.
In response, the Ukrainian government’s Ministry of Digital Transformation and the Ministry of Culture and Information Policy recently created an all volunteer “Internet Army,” which includes an international IT legion of more than 310,000 Ukrainian and foreign IT professionals willing to go to war against Russian’s cyber forces. To join the army, a volunteer goes on Telegram or Discord channels where tasks are assigned. One also can use Viber, Facebook, Twitter, Instagram and Reddit to help pressure Russian outlets and urge companies to withdraw doing business in Russia. While kinetic warfare rages on the ground in Ukraine, an invisible army is hard at work opposing Putin’s special military operation in cyber space.
Daria Novak served in the U.S. State Dept. and teaches at a major university