In February 2022, Russia invaded Ukraine, leading to significant changes in the country. One group affected by these changes is the Cyberpolice Department of the National Police of Ukraine. Yevhenii Panchenko, the chief of division of the Cyberpolice, explained during a conference that their responsibilities expanded in response to the war. The department, which consists of around a thousand employees, now focuses not only on combating cybercrime but also on actively countering aggression in cyberspace.
Panchenko revealed that the Cyberpolice tracks crypto-related crimes, including monitoring the flow of cryptocurrency funding the war. Additionally, they are responsible for identifying and investigating cases of Russian hackers attacking Ukraine’s infrastructure. However, cooperation with Russian law enforcement is non-existent, making it challenging to obtain information about IP addresses or other crucial details. The department must find new ways to exchange data with intelligence services.
The invasion also prompted the Cyberpolice to take on new tasks, such as tracking war crimes committed by Russian soldiers in Ukraine. Panchenko mentioned that Russian soldiers sometimes post evidence of these crimes on social media. The department collects this evidence to use in investigations.
The landscape of ransomware attacks in Ukraine has also changed since the invasion. Panchenko explained that Russia’s main goal is to show its effectiveness and strength rather than focusing solely on monetary gain. They conduct disruptive attacks to display their hacking capabilities and target critical infrastructure. As a result, there has been a decrease in ransomware cases but an increase in disruption attacks.
Distinguishing between pro-Russian criminals and Russian government hackers has become more challenging. Panchenko noted that these hackers often hide their true nature by using catchy names and avoiding appearing as government or military units. They have started organizing groups on a massive scale and even publish intelligence and attack results on the internet to amplify their impact.
To combat these hackers, the Cyberpolice relies on collecting evidence and sharing it with law enforcement agencies in cooperating countries. By gathering information about the attackers and proving their involvement in attacks, they can potentially apprehend them when they are outside of Russia, even years later.
The department also collaborates with cyber volunteers, who are knowledgeable individuals from various countries, including the United States and the European Union. These volunteers assist with blockchain analysis, collecting data on Russian fundraising campaigns, and informing the Cyberpolice about new hacking groups. Their cooperation is crucial because it is impossible for the department to cover all activities alone, given Russia’s vast size and numerous hacker groups.
Moreover, the Cyberpolice engages in initiatives like Project BRAMA, which aims to block and destroy Russian propaganda and psyops materials on the internet. They have successfully blocked over 27,000 resources belonging to Russia, preventing the spread of false narratives. Additionally, the department fights against fraud targeting Ukrainian citizens and provides cybersecurity training to raise awareness and protect individuals from attacks.
One significant aspect of Russian fundraising for the war involves the use of cryptocurrencies. Panchenko explained that Russians utilize various types of crypto, ranging from Bitcoin to Monero. However, as many exchanges cooperate and confiscate funds linked to military support, Russians now understand the risks associated with certain cryptocurrencies. The Cyberpolice takes action by labeling addresses and attributing them to specific campaigns. Sanctions play a crucial role in combating this type of fundraising.
In terms of cyber resistance, the Cyberpolice focuses on training citizens and providing advice on how to respond to expected future attacks. They aim to create a resilient cyberspace for users and resources.
Overall, the invasion of Ukraine by Russian forces has significantly impacted the Cyberpolice Department’s responsibilities. They have adapted to the changes by expanding their efforts to combat cyber threats and actively counter aggression in cyberspace. The department plays a vital role in tracking crypto-related crimes, investigating Russian hacker attacks on infrastructure, and collecting evidence of war crimes committed by Russian soldiers. Through collaborations with cyber volunteers and initiatives like Project BRAMA, they work towards protecting Ukrainian citizens and countering Russian propaganda and fraud.