Some of the online combatants have shifted away from tactics used earlier in the conflict. In the first phase of the war, Ukrainian hackers focused on attacks intended to knock Russian websites offline. Russian hackers targeted Ukrainian government websites in January, ahead of the invasion, installing “wiper” malware that permanently clears data from computer networks. More recently, Russian hackers appear to have mounted attacks that could have turned off electricity or shut down military communications. (Several of those efforts were foiled, American officials say.)
But the disclosure of personal data is more akin to information warfare than cyberwarfare. It has echoes of Russia’s tactics in 2016, when hackers backed by a Russian intelligence agency stole and leaked data from the Democratic National Committee and from individuals working on Hillary Clinton’s presidential campaign. Such hacks are intended to embarrass and to influence political outcomes, rather than to destroy equipment or infrastructure.
Experts have warned that the involvement of amateur hackers in the conflict in Ukraine could lead to confusion and incite more state-backed hacking, as governments seek to defend themselves and strike back against their attackers.
“Some cybercrime groups have recently publicly pledged support for the Russian government,” the Cybersecurity and Infrastructure Security Agency warned in an advisory on Wednesday. “These Russian-aligned cybercrime groups have threatened to conduct cyberoperations in retaliation for perceived cyberoffensives against the Russian government or the Russian people.”
Distributed Denial of Secrets, or DDoSecrets, the nonprofit organization publishing many of the leaked materials, was founded in 2018 and has published material from U.S. law enforcement agencies, shell companies and right-wing groups. But since the beginning of the war in Ukraine, the group has been flooded with data from Russian government agencies and companies. It currently hosts more than 40 data sets related to Russian entities.
“There has been a lot more activity on that front since the start of the war,” said Lorax B. Horne, a member of DDoSecrets. “Since the end of February, it hasn’t been all Russian data sets, but it has been an overwhelming amount of data that we’ve been receiving.”
DDoSecrets operates as a clearinghouse, publishing data it receives from sources through an open submission process. The organization says that its mission is transparency with the public and that it avoids political affiliations. It is often described as a successor to WikiLeaks, another nonprofit group that has published leaked data it received from anonymous sources.