Back in 2014, the first cyberwar in the world began between Ukraine and Russia. It continues to be active for ten years now, and it is challenging to single out a leading side. Both we and our opponents have caused a lot of damage to each other’s services, resources, and other cyber components.
We decided to investigate in detail how Russian hackers operate and how things work. To do this, we talked to experts in cybersecurity, media research, and the company that suffered the most significant cyberattack in the world.
“The big question of cybersecurity is to find out whether we were attacked or not”: a closer look at the means of cyber warfare
To investigate in detail how Russia is waging a cyberwar against Ukraine, we contacted Vasyl Ivanov, Co-founder at KeepSolid Inc. Firstly, we were interested in finding out what methods the Russians used to attack Ukrainians.
“Well, we need to start with phishing. Phishing is when the user is replaced with a web page that the person knows well with the same one but made by attackers. For example, we make a page similar to the Facebook authorisation form. Thus, a person is directed to this page, and how he is directed can be discussed separately. He enters the login and password. When he enters his login and password, he gets to his Facebook.
But the fact is that in addition to this, the attacker saves his login password, too. Well, of course, you can use it. How to achieve this? First, of course, letters from unknown people with links and files. Of course, it is not recommended to open any of them. Or, at least, on the device that will be the main one for the user.”
He added that to strengthen this phishing, for example, fake accounts can be used. That is, the question of making an identical social profile is not a problem at all.
“Take a person’s photo, upload it to a new profile, take his avatar, take his name, but actually, that’s it. Further, they send links to their friends with requests to open and watch there or to vote for some Eurovision. Well, all friends of such a person receive a phishing link.
I understood that the story with Kyivstar developed similarly. Well, judging from the description. The attackers got all the access through one of the company’s employees.”
He explained that this is the so-called “perimeter hacking” when the attacker cannot get into the company’s network, so he looks for an employee or an unprotected device with access through which it can be done. Typically, an attacker with these accesses can gain more privileges than the employee. Because the attacker understands much more about network technologies and is looking for additional vulnerabilities already inside. Next, malicious software is installed. It can be installed both after phishing and in general as a completely separate procedure.
“Well, for example, they sent you a file by mail there. You thought it was a PDF, but it’s not a PDF. On Windows, this was once a very common thing when they sent you a file like resume.pdf.exe. And for ordinary users who, by default on Windows, have the option “Hide file extensions”, the “exe.” was not visible.
The essence of malware is that it destroys data on the user’s computer. That is, we know as a virus. The viruses that we fought with antiviruses back in the 90s when the virus simply destroys your files, and there is no other purpose.”
Another approach that is often used is Social engineering, is the opposite of the old approach, which was called brute force — when attackers hacked other people’s accounts by simply going through the passwords in the database. Such a procedure is quite time-consuming and long.
Social engineering – is when, instead of brute force, attackers try to find something about this user.
“For example, the user has an account on social networks. And somehow, it was hacked. Somewhere, the user simply saved the password in a file or, as it still sometimes happens, I am horrified when the password of some account is written on a sticker that is stuck on the computer monitor. Then, photos from the corporate party in the same office are posted on the Internet. Where does the sticker go, exactly?
And, let’s say the same password of the user in social networks is used in ten more accounts, including online banking accounts. Thus, when an attacker knows a user’s password, he knows one or two emails of this user, and now he simply combines this password with e-mails and looks at the most popular Internet resources where this login password can be used.”
He said that there is a problem that many people do not even think that one password for all services used is a disaster. In addition, social engineering may concern passwords and the search for additional information about a person.
“Well, let’s say I want to log into some online banking of my victim or PayPal. To log in, for example, the system asks you to enter the last four digits of your bank card for confirmation. I don’t have them. But if I know something else about this user, then I can find these four digits in some other system, for example, on the Amazon site. It also works with a code word like “The name of the first dog” – it can be found in human social networks”.
He added that he does not realise their importance even if the company has relatively strict rules about passwords and the presence of two-factor authentication and the user follows all the company’s rules. For example, on his phone, where he has an authenticator, he has a PIN code of four units. If the hacker knows the password from the phone, he can also use the authenticator.
“Now it has become very fashionable since the moment of Covid, the concept is called “bring your device”. That is, when it is not the company that issues laptops that are quite strictly configured in terms of security, but when each employee has their laptop. It turns out that when this employee uses his laptop, what is installed there, well, one can only guess. The presence of torrents and unofficially installed Windows-type operating systems is very common. And you need to understand that when we download an operating system from some torrent, we have no idea what’s inside.
The second thing is when we have already installed a hacked operating system, which, at the functional system level, already monitors us and sends something to someone.”
DDoS – attacks are simply a huge number of requests so that the servers stop responding.
Sometimes it can be a request that causes the server to go down and not work, and this time, the company stops and loses money. Sometimes, it can be just a distracting manoeuvre done on purpose while the admins are busy with something else, trying to save the server. At this time, attackers gain access to take over the company’s data and merge it somewhere. Well, or just use them.
Further, there is still a huge number of different attacks, which are already done using highly specialised software. Attacks aimed at specific services running within Linux, for example.
“Well, these are purely technical attacks that are always aimed at searching for vulnerabilities, searching for known bugs that, let’s say, the software or operating systems manufacturer has not had time to fix. There is such a categorisation of vulnerabilities, and zero-day bugs are the most dangerous.
Well, roughly speaking, this is how long this vulnerability will become very real for users of this operating system and how long it will take for an attacker to take advantage of it. The smaller this number is, the faster the software manufacturer tries to fix it. And release an update. Because as soon as such vulnerabilities become known in the world immediately, “the city falls asleep, the mafia wakes up”, and they begin to use all the vulnerabilities found”.
By the way, we clarified how attackers can use public Wi-Fi to gain access to private data. Vasyl said that Wi-Fi can be used for phishing when presented with a page similar to Facebook but different. There are simpler things when a person connected to an open Wi-Fi scans the data of other users. That is, by connecting to open Wi-Fi, you can access the router itself, and once you have access to the router itself, you can control all passing data.
“In any case, even for the perpetrator himself, it is always a matter of effort and what he will get. Well, for example, why is it recommended to use different passwords for each account, for each account in different services? If you are an ordinary user who has not been worth chasing for a long time, if you are not the president of some country, or if you are not the director of a large company, then the attacker quickly becomes uninterested in hacking you. Because cracking your complex password is a big enough risk, even if it is a loss of time and computer resources.”
Vasyl singled out the following targets of cyberattacks:
- just offend a person;
- receiving some financial benefit;
- causing damage to a company corporation or trying to make money from it;
- damage to either state-owned companies or private companies working for the state. Simply to worsen the work of some state corporation or the entire state.
“If you take, for example, our VPN, we have registered about 40 million users in 10 years. Of course, thousands of our servers are under enough pressure every day.And we cannot very easily determine at what moment the attack begins. The essence of a VPN is, in principle, a constant huge number of different connections. And when we get attacked every month, it usually means something big is happening. And in our case, it is a purely competitive struggle. Either these are political measures. Well, the last few times, these were attacks from Iran. Attacks from Iran, honestly, I don’t understand whether it can be something competitive.”
He explained that cyberattacks on Ukraine are carried out every day, because the work of Russian hackers, no matter who they are represented by, is the same as that of a conventional “office worker”.
“They are constantly looking for opportunities for vulnerability in all resources found in Ukraine. And not only in Ukraine, because there are resources of other states, which, for example, help Ukraine. “Now, Ukraine announced the news that they will store some citizens’ data on Polish servers.”
Vasyl called this event controversial because it is possible to take the servers out of Ukraine only because of the loss of power, then they will be available. But on the other hand, if they move their servers, which belong to the state, to another country, they will completely lose control over that data. Because of any cloud, these are physical servers that are located somewhere. And when you don’t control this “hardware”, you don’t control who’s going to plug some wires into it.
“That is, we told them, for example, the servers with the data of Ukrainian citizens will be located in Poland. Well, it means that the search area for the guys is narrowing now. Now, you need to find a server in Poland that can store the same data. And it turns out that this is already an attack not on the territory of Ukraine but on Poland. Because it will be done through Polish Internet resources. But, all the same, to offend Ukraine. Or, let’s say, they will try to attack the servers of any logistics company, or even the military industry, which makes or transports weapons to Ukraine.”
On May 16, 2023, Ukraine officially joined the NATO Cyber Defense Center of Excellence. Our expert considers this event ambiguous.
“From a positive point of view, probably during the war, when we don’t know in which city a rocket can land and simply destroy the data center, of course, take out the server, from the point of view of physical security, this is logical.
On the other hand, we know that the most prominent hackers are not the ones shown in The Bourne movies. In real life, we know that the most prominent hackers are Ukrainians, and Russians. But in general, for me, as a manager, it is more of a cultural question, because unfortunately we are used to more damage, I think.
We as a whole, I don’t mean anybody in particular or any specific people. So we will be teaming up with NATO forces, I’m not even sure if that makes a lot of sense. Because maybe it will be the same as now with the SSU operations when some countries just learn from our operations.”
Vasyl explained that when our SSU conducts some special operations, such special operations are of interest to the special services of other countries. In his opinion, we will teach NATO forces some features of Internet fraud.
“Well, let’s also consider the political issue. In general, the desire to join NATO, even though Trump recently announced that he would encourage Russia’s war against those NATO countries that do not properly contribute to NATO itself.
And, accordingly, the question is – now, if we interact with such a country within the framework of Internet security, and some conditional president of America or another country begins to encourage external threats to this country, then we will somehow get something from this Is that a plus, or will we just get an additional burden? Although we are still waging our war. I would just look at it a little more broadly than the fact that we can team up with another country and get more computing power. This is not the most interesting thing.”
Our expert singled out one of the most interesting nuances of cyberattacks – understanding that we were attacked.
“There is still a huge question about cybersecurity. Did we find out in principle that there was an attack on us? Why do they attack providers, Internet providers, and telephone providers? Because they have a huge number of subscribers. And when you can access any provider’s infrastructure, you get a lot of data from all these subscribers, including the most important.
Many people think they are protected and have now set up SMS login confirmation. Well, this is just the case with Kyivstar, when attackers gained access to the entire infrastructure of Kyivstar. So now we don’t even know how many other accounts have been hacked, or where the text messages should be going. Attackers, instead of real users, now receive an SMS confirmation. And it is very likely that many people still do not know that their resources have already been accessed.”
He advised all Kyivstar users everywhere to change their passwords. If there is an opportunity to replace SMS confirmation with some authenticator from Google or KeepSolid. Or, even more remarkably, physical keys, which are considered even more reliable than an authenticator.
“And here, by the way, there is also an interesting question, which is precisely what our military, who are on the front lines, must think about. If some of their messengers were accessed, there is a possibility that while they think that they, their superiors, or their family are dropping some information about where they are now, there is a possibility that malicious people also are reading these messages right now.
Whether a cyberattack or an already hacked company network will be noticed depends on the qualifications of the employees. It is almost always possible to detect. Very often, such external attacks are reflected, for example, in the fact that information is saved in logs. Let’s say the number of errors increases. Or the number of logins of some users increases.
We asked Vasyl if there is a possibility that Ukrainian messengers can be “eavesdropped” by enemy special services – in his opinion, it is impossible to say for sure. However, he highlighted that Telegram has a very good “private chats” function, that is, such dialogues will be saved only on a specific device and not in the account as a whole.
However, he is more intrigued by the question, which of the messengers, for example, went to make a deal with the government?
“What does this mean? You have everything protected; everything is encrypted, but it is decrypted in the course of the case on the server provided to the state. And, accordingly, the state reads all this. Naturally, you and I do not know about such conspiracies.
For example, if you take the history of our VPN, we have had a substantial increase in the number of clashes with different states. First, it was China, then Russia pulled up, and so on. The government directly writes to us that we want access to your VPN servers; otherwise, we will block you. That’s how we lost most of our users in China in the first place. Because, of course, agreeing to such an unequal offer isn’t attractive. And then, at the beginning of the war, when cyberattacks on Ukrainian infrastructure began through our VPN, our authorities simply asked us to close access to the Russians. Actually, at the request of our state, we left all users from Russia to ourselves. Moreover, there was no selective approach: who paid, who did not. It’s just that everyone’s access was closed, and that’s all.”
Artificial intelligence: the danger of the coming years
Vasyl Ivanov focused our attention on the fact that artificial intelligence technology will be actively developed in the upcoming years, which is very dangerous.
“Well, recently, there was news that in some Asian corporation, an employee transferred 20 or so a million dollars to an attacker who, with the help of artificial intelligence, simply pretended to be some kind of, I don’t remember, either a counterparty or another employee.
We discussed with you that there is social engineering when collecting data about you on the Internet that you have posted is possible. Well, for example, some service asks for your mother’s birthday. And on your Facebook page, you congratulated your mother on her birthday yesterday. Well, thanks for the information. And it turns out to be even more interesting here; you don’t even need to collect anything about yourself. Here, they just took a few of your photos or videos from Instagram and took your voice. And that’s what you get with modern online work when everyone sees each other only through a computer camera.”
This is dangerous because, in addition to causing damage, innocent people can also begin to suffer. When someone introduces themselves with your face and your voice, and then they ask you why you stole money, and you don’t even know that you stole money, The threat is that a person becomes incapable of recognising the false. And now we just have to find new ways to fight it.
“They have already recorded a video with Zaluzhny and President Zelenskyy, who is saying something to the Russians. Well, it can be seen that the work was done very quickly. But even with how quickly it was made, right from the start, sometimes it’s not even immediately clear, it’s a DeepFake, or if it’s the real president, it’s just a little more aggressive today.”
DeepFakes – the manipulation of facial appearance through deep generative methods. While the act of creating fake content is not new, deepfakes leverage powerful techniques from machine learning and artificial intelligence to manipulate or generate visual and audio content that can more easily deceive.
Now, a considerable number of online services are switching to working with artificial intelligence. OpenAI tried configuring its GPT chat so that this system does not respond to some questions. Well, for example, on the question of how to make a bomb. On the other hand, they have already learned to work around it.
“But this is another interesting threat, let’s say, not to cybersecurity, but to common sense in general when a system is trained based on some public data, which then makes its judgments. If we take these public data, which were already known to be false, some system processes it and issues a new type of information. As it is derived from the original information, we fall into a huge ocean of informational delusion.”
All about intimidation: how Russians target Ukrainian media and social networks
In addition to classic cyberattacks, the Russians are also invading Ukrainian media space and social networks. For example, two trends have been noticeable recently: the creation of DeepFake and fake pages of government officials on social networks. We asked Yana Mashkova, a media researcher and analyst at the Institute of Mass Information (IMI), why such actions are dangerous.
“Recently, there has been a tendency to create fake pages of OVA leaders on Facebook or fake Telegram channels. However, all these pages have a similar style – anti-Ukrainian appeals or messages about the need to end the war on terms favourable to Russia. Also, the Russians practice creating DeepFake videos that seem to discredit the Ukrainian authorities or that Ukraine needs to appear, that Ukrainians should be friends with Russians, and so on.
The primary purpose of such videos is to create misunderstandings among Ukrainians, to cause mistrust, or to depress the mood. However, Ukrainians need to understand that the Russians made such methods during the first days of the war, even before the full-scale war. Therefore, the best option for maintaining mental health and peace of mind is to consume information only from official sources,” – she explained.
In addition to fake accounts of government officials, Russians also create pages of “ordinary Ukrainians or the public” on the most popular social networks. An extraordinary number of Russian channels on Telegram mimic Ukrainian ones. At first, they posted neutral content to hook the audience, and later, they started posting pro-Russian messages, discrediting the government and the Armed Forces. Posts in such groups are in Russian, this is one of the red flags.
“Currently, if Ukrainians want to follow new sources of information, they need to question everything because, over time, Russian propagandists improve their skills, and fakes, manipulations, and half-truths become more sophisticated, so there is a possibility that you can fall for the Russians. I advise you to subscribe to the social media outlets included in the IMI White List. These media have a physical editorial office, a team of journalists, and specialised education. In case of inaccuracies or fakes, such editors will apologise to the audience, in contrast to anonymous telegrams, which only increase the audience and mislead with lies and fakes,” – said Yana Mashkova.
The so-called “Solntsepyok” group attacked “24 Kanal” and “Suspilne Novyni” in 2023. Then, they managed to disable the sites for a certain time and post their messages threatening Ukrainians there.
“The Russian group of hackers began to create messages with threats and insults against President Volodymyr Zelenskyy and to send corresponding “push messages” to readers.“24 Kanal (24 Channel)” wrote.
According to Yana Mashkova, during the almost two years of full-scale invasion, IMI experts recorded 62 cybercrimes committed by Russians:
“Most often, these are DoS attacks, letters with threats, phishing letters, hacking of pages in social networks, and creation of fake pages of Ukrainian media to spread Russian propaganda. However, the most important goal of all these crimes is to intimidate Ukrainians, paralyze the work of the editorial office, and put psychological pressure on journalists.”
Also, at the beginning of the war, the Russians actively distributed videos of executions and torture of Ukrainian soldiers on social networks. This shook the country and provoked a violent reaction beyond its borders. We will not link to these videos for ethical reasons, but you can read about the most high-profile case since the full-scale invasion began at provided link.
“The barbarity and depravity of the Russian invaders is revolting. Castration, murder, rape, killing children, leveling cities. Unmitigated evil,” – wrote Paul Massaro, an adviser to the US government, on Twitter.
Specifically, in this case, the Prosecutor General’s Office opened criminal proceedings for violating the laws and customs of war (Part 1 of Article 438 of the Criminal Code of Ukraine).
“Such videos hurt any person, even if they are not close to them. The Russians use videos of torture, violence, or executions to intimidate the Armed Forces, demoralise future military personnel, and intimidate their families.
I believe that the distribution of such content by Ukrainian media is unacceptable. It should always be remembered that the families of the victims should not learn about the death of their relatives from the media or social networks. In cases when the media pulled videos and screenshots of the execution of Ukrainian soldier Oleksandr Matsievskyi, they caused pain to the family of the deceased. We can say that they did the Russians a favour with such publications,” – emphasised the media researcher and analyst of the Institute of Mass Information (IMI).
The occupiers also like to make propaganda videos with the forced participation of Ukrainian prisoners of war. This was the experience of the paramedic Yulia Palievska, known as “Taira”, who spent several months in captivity.
“Volunteer and paramedic Yulia Paevska (codename “Taira”), who the occupiers captured, appeared in a video of Russian propaganda media. In the video, the propagandists of the Russian Federation call Paevska “a member of the Azov battalion”, although she is not a military servicewoman, but a civilian volunteer paramedic. “Tyra” called for the evacuation of civilians from Mariupol who could not leave the city for one reason or another,” – they wrote in the Verkhovna Rada of Ukraine.
Mashkova believes that the Russians use videos of Ukrainian prisoners of war for their propaganda for the local population, to once again reinforce the narratives about the “Nazis”, anti-Western narratives, and the supposed influence of Europe and the USA on Ukraine about the terrible state of the Ukrainian army, etc.
“With such videos, the Russians increase their credibility among the locals and also aim to attract a larger number of people to go to war in Ukraine, as if to save the “brotherly people.” At the same time, there is no need to condemn the Ukrainian prisoners of war because, in this way, they may be saving their lives, and we will find out what happened after the hostilities are over and our people return home,” she added.
She also explained that Russian propaganda also operates abroad to influence the international audience. Example:
“The Russian state news agency “Russia TODAY” has a branch in almost every country. This Russian propaganda spreads news with messages that benefit Russia and its allies. For example, there was a case in October 2023 when the host of RT’s Arab branch tried to manipulatively question the speaker of the Israeli army, the IDF, about the fact that Hamas terrorists supposedly had weapons that Western partners provided to Ukraine. And the Armed Forces of Ukraine sold these weapons on the black market. It is clear that Israel denied this information, but we understand that Russian propagandists are trying to use any excuse to discredit Ukraine.”
By the way, “The Ukrainian Review” has already written a detailed article about the war in Israel, explaining who Hamas is and what they want.
Mashkova added that Russians actively use Telegram channels to terrorize Ukrainians and promote anti-Ukrainian narratives.
“In a recent IMI study on mobilization, I noticed that the Russians were sending messages to the Telegram channel so that Ukrainians would refuse to mobilize. And in Telegram channels, they offered to flee abroad, or rather serve time behind bars, but just to not go to war. Because, according to the propagandists, the men will remain disabled or in the status of “missing,” – said the interviewee.
Such narratives were spread by channels that mimic Ukrainian but are moderated by Russians and publish materials to discredit the government and the Armed Forces and worsen the mood of Ukrainians.
By the way, in the year and eleven months since the start of the full-scale invasion, Russia has committed 558 crimes against journalists and the media in Ukraine. Among them are the following cybercrime and related offenses:
- turning off Ukrainian broadcasting and broadcasting Russian propaganda – 28 cases;
- harassment and threats to journalists – 68 cases;
- direct cybercrimes – 61 cases;
- blocking of Internet media access – 10 cases.
An additional 234 media outlets were shut down for reasons related to the full-scale invasion.
The world’s biggest cyberattack: the Kyivstar experience
On December 12, 2023, a large-scale hacker attack was carried out by Russia on the Kyivstar mobile operator company. Then, their 24 million subscribers lost mobile communication and the Internet, while users could not join other operators’ networks as part of intro-Ukrainian roaming. There were also problems with operating many terminals and other devices that depended on the provider’s Internet.
Oleksandr Komarov, president of Kyivstar, said this was the world’s biggest cyberattack.
“This is the largest hacker attack on the telecom infrastructure in the world. There have been no successful attacks of this scale. And, let’s be honest, there are not many countries that Russia has attacked,” – he said.
We managed to talk to Yuriy Prokopenko, director of cybersecurity at Kyivstar (until January 31, 2024). He told what losses the company suffered due to a cyberattack:
“The cyberattack primarily affected the technological systems that were responsible for communication. However, after 35 hours, Kyivstar restored voice services and, in 58 hours, returned the data transmission service. The company is still studying the impact of the cyberattack on the network, and the final amount of damages is still being determined. The company decided to cancel the scheduled fee for the tariff for all subscribers as a sign of gratitude for their loyalty and support. But we do not consider it a financial loss. This is an investment in strengthening partnership relations with our subscribers.”
He added that the hacker attack was aimed at the network’s core – databases and voice communication systems. The network management center and base stations were not affected, as were customers’ personal data. No fact of leakage of personal data was found.
In December 2023, Oleksandr Komarov said that Kyivstar had repelled more than 500 hacker attacks since the beginning of the Russian invasion. We asked Prokopenko why the Russians succeeded in attacking this time.
“The active stage of the cyberwar against Ukraine began back in 2014. Since the beginning of the full-scale invasion of the aggressor, Ukraine has become the first in the world in terms of the number of cyberattacks. The main goal of international and Russian attacks on Ukrainian cyberspace was the destruction of critical information infrastructure, data theft, espionage, as well as disinformation to spread panic within the country. During the war, the number of cyberattacks on the Kyivstar network increased by 400-450%. The company constantly improves the protection of business processes, updates procedures that prevent cyber incidents, and increases investments in this direction.
It should be taken into account that the cyberattack suffered by Kyivstar was carefully planned and carried out at such a powerful level that hardly any other company in Ukraine could withstand it. The cyberattack on Kyivstar was not carried out by some hacker group but by the military structure of the aggressor country, which purposefully sought to make it impossible to provide telecom services in Ukraine and had financial, technical, and human resources to do so. Despite this, thanks to the constant strong efforts of the Kyivstar team, we managed to restore services incredibly quickly,” – he said.
He added that Kyivstar’s cyber team is highly professional, thanks to which the company managed to repel thousands of cyberattacks during a full-scale invasion. Currently, they are working on introducing additional measures to strengthen the protection of business processes and control access to workstations and information bases.
“Our software and hardware suppliers supported us. These are Ericsson, ZTE, Microsoft, Cisco, Huawei – we are grateful to everyone who promptly offered their help and time,” – explained Prokopenko.
Today, Kyivstar systematically helps society, the country, and subscribers overcome wartime challenges. Since the beginning of the full-scale enemy invasion of Ukraine, the company has assisted society in the amount of more than 1.4 billion ₴. At the center of assistance is the reconstruction of Ukraine’s digital infrastructure, demining of the territory of Ukraine, assistance to medical institutions where people with burns are rescued, support of the competent assistance funds of the Armed Forces of Ukraine, provision of the internet for shelters and towns for displaced persons, etc.
From the latter, it is known that on January 16, 2024, 10 engineering and sapper groups received the necessary equipment and pickups worth more than ₴10 million thanks to Kyivstar. However, the “Let’s Live Here” project is still collecting donations – the current total is ₴170 million.
Currently, Russian and Ukrainian hackers are fighting daily in the interests of their own country. There are many cyber warfare methods, and one of them is Artificial Intelligence. It has become more popular and has a lot of hidden perspectives and dangers. Most of the victims are ordinary people, cause they ignore some rules of cybersecurity, such as creating hard passwords or clicking on enemies’ links. Big companies also have been damaged by Russians, and it’s also a huge problem for Ukraine. By the way, it’s hard to pick one of the most powerful sides in this cyberwar, because a lot of victories and losses are still hidden.
Tetiana Stelmakh
