Skip to main content

Behind the Curtains of New War: Bringing Cyber War to the Crimean Peninsula

March 07, 2014

Gone are the days where military conflict was contained within geographical boundaries limited to the range of the physical machines of war on the battlefield. Today, aggressions have the ability to escalate beyond a level paramount to any ever seen in the history of war, which transgress both time and space.

The Russian contentions in the Crimean Peninsula of the southern Ukrainian region are no exception. While the President of Russia, Vladimir Putin, shows muscle through military exercises along the border, a much more dangerous war has already fired its first shots - the cyber bullets of discreet malware and DDoS attacks that could quickly become the most dangerous weapons of all.[1]

Crimean Peninsula


Current Events

Despite allegations by various news agencies, President Putin steadily denies offensive forces in Crimea. Instead, he acknowledges their presence as defense in support of the Russian speaking populous of Crimea.[2]

But why would Russia use military intervention in a sovereign state at all? Russia maintains particularly close ties to bordering lands with Russian language and culture and influences political ties in the region. In fact, it is this political influence that added to the strains in Ukraine and resulted in the recent demonstrations in Kiev.

Currently, there are as many as 16,000 Russian military personnel in Crimea. According to media outlets, no lethal shots have been fired throughout the intervention.[3] However, in today’s tech world, it is imperative to ask the question: “Are guns and tanks the only weapons that matter in conflict?”

The answer is a glaring no, especially as we dig deeper into the actions taken by hacktivists on both sides of the current Crimean crisis. The problem with the cyber domain in war is plausible deniability by the states. While it is common practice for hacktivist groups to take public claim of their successful attacks and campaigns particularly on group forums and blogs, there is no denying the advantages these attacks create for one side of a conflict versus another.

On February 28, 2014, the first notable cyberattack of the Crimean conflict with Russia occurred in an unexpected hybrid fashion. Urktelecom, a predominant communications provider in the Crimean Peninsula, confirmed that an attack on its communications centers lasted at least two full days. Cutting off critical infrastructure to enemy lines of communication is a common practice in military strategy. However, in this instance, an unidentified group of men attacked the physical communication center buildings, cutting off virtually all landline and mobile communications as well as internet access provided by Urktelecom in Crimea.[4]

Additionally, it is now believed that these centers were attacked specifically so that wireless equipment could be installed to intercept communications from Ukrainian Military Police. There is currently no direct connection between the Urktelecom situation and the Russian government - and the Russian government has made no obvious claims of support for this attack - but it would give them an upper hand in maintaining control over the disputed land.[5]

The primary point of contention in this cyber battlefield now hinges on fears that Russia may expand its capabilities beyond Crimea and begin using its better known DDoS tactics on servers of other Ukrainian critical infrastructure.

While the attack on Urktelecom still goes unclaimed, Ukrainian hacktivists have not been entirely innocent on the cyber battlefield either. One group known as “Cyber-Berkut” has claimed responsibility defacing over 40 Russian news websites with an image of a Nazi swastika over a map of Crimea. Additionally, the Russian state-funded news website Russia Today was offline for 20 minutes due to a DDoS attack.[6]

Habits of the War Hackers

While the current situation has yet to escalate to the levels of the Russo-Georgian War of 2008, there are stark similarities that can be drawn between that conflict and the current one in Ukraine, particularly on the cyber front. In the 2008 conflict, the Russian cyber weapon of choice was Denial of Service (DoS) attacks, limiting internet access for organizations (including that of media, communications, transportation and government sites) as well as blocking access to certain IP space in the areas it does control on a cyber level.[7]

Let’s not forget the 2007 month-long cyber siege in the Russian-speaking state of Estonia - which again, is former a Soviet block and borders the current state lines of Russia. Throughout April and May of that year - coinciding with the Russian national holiday, Victory Day - DDoS attacks nearly crippled the small state, which ran the majority of its government transactions online.[8] The attacks have been identified as having come from Russia, but the Russian government has not taken claim of them just as it denied any relationship to the cyberattacks in Georgia and Ukraine.

Ukraine in a Post-Soviet World: The Big Question

In situations similar to what’s currently unfolding in the Crimean Peninsula, we must geo-locate the events in relation to their recent histories. Over the last 25 years, since the collapse of the former Soviet Union, Russia has continued attempts to either retain or regain what’s left of its hold on lands of the former block.

While Russia does not hold the same dual super power status it did prior to the collapse of the USSR, the continual effort to hold onto its current influence in bordering regions demonstrates it is not willing to let go of any more power. The South Ossetia War of 2008 between Georgia and Russia and the alleged 2007 cyberattacks on Estonia are prime examples of the grip Russia attempts to maintain among its bordering former lands.

Russia’s quick response to enter Crimea with both military force and cyber power suggests that it is still struggling to maintain this grip of influence on post-Soviet regions. Previously, either by United Nations decree or NATO, international forces have threatened to become involved in order to maintain state sovereignty. This leads one to wonder what the next move will be from either Russia or the international community. Ukraine has already announced that by moving troops into Crimea, Russia has declared war. The international community is expected to make a decision later this week on how to respond to Russian intervention in Ukraine.


Although the Russian government has made no public suggestions or claims to cyber activities over the last two decades that just so happened to take place against its adversaries from hackers within the state, the attacks have proved beneficial to the ground campaigns they have organized or prepared for.

Pro-Russian hacktivists - whether state sponsored or not - have continued to grow in the sophistication of their seemingly coordinated attacks. As the situation in Crimea continues to heat up, we can certainly expect to see a rise in cyber activity against both Ukraine and its allies,  particularly when it comes to DDoS campaigns against servers that might affect Ukraine’s ability to defend against Russian ground troops.

One thing that post-Soviet Russia has shown is that war will never again be the same, nor will future international conflict exist without the assistance or hindrance of cyber activity.


[1] Curry, Colleen. “What's Going On in Ukraine? An Up-to-Date Guide,” ABC News. 04 MARCH 2014.


[2] “Ukraine Crisis Timeline,” BBC News Europe. 04 MARCH 2014.


[3] Carbonnel, Alissa de. “In Ukraine's Crimea, a tense and surreal standoff,” Reuters. 05 MARCH 2014.


[4] Farrell, Nick. “Ukraine and Russia troops engage,” 05 MARCH 2014.


[5] Russon, Mary-Ann. “Ukraine Crisis: Cyber War with Russia Heating up,” International Business Times. 04 March 2014.


[6] Russon, Mary-Ann. “Ukraine Crisis: Cyber War with Russia Heating up,” International Business Times. 04 March 2014.


[7] Perlroth, Nichole. “Cyberattacks Rise as Ukraine Crisis Spills to Internet,” Bits by New York Times. 04 MARCH 2014.


[8] Landler, Mark. “Digital Fears Emerge After Data Siege in Estonia,” The New York Times. 29 MAY 2007.


Related Blogs

September 25, 2014

"Shellshock" Vulnerability in Bash Allows Unauthorized, Remote Code Execution

On September 24, a critical vulnerability - CVE-2014-6271 - was made public. This vulnerability, dubbed “Shellshock,” exposes a weakness in which cert...

See Details

May 17, 2017

Ransomware Kill Chain and Controls - Part 2: Once the Crying is Over, the Controls Must Kick In

In the first part of the blog series, we alluded to the impending danger of ransomware campaigns. It appears the concerns were justified, given the si...

See Details

August 30, 2013

Teaching Cybersecurity to the Next Generation

From airline security to nuclear plants, our world is made up of systems. Threats to these systems from hackers have raised concerns about privacy, pe...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

June 14, 2017

Incident Management Plan Development

We have the experience and knowledge required to help your organization develop a strong incident management plan.

See Details

October 06, 2017

Managed Security Services - Service Guide

Learn about our flexible and scalable services to improve your security capabilities.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.