Russia declares war on Ukraine, weapons are also computerized

It is a sad awakening for the Western world today. In the night Russia attacked Ukraine, officially starting an officially justified military operation to defend the Donbass separatists. The task and the burden of recounting the escalation rests with the many war correspondents who are in the area, with the understandable difficulties of the case. In this space we will limit ourselves to reporting an eloquent sentence of ours Francesca Mannocchi to represent his difficult job and that of all his colleagues.


Russian missiles started hitting Ukraine (in the opening photo of an explosion in Kiev released by the Ukrainian presidency), but the one started by Putin and also a war that is fought using computer weapons and on the terrain of social media. A few days ago there were the first signs with the cyber attack that targeted the Ministry of Defense and two major banking institutions. The situation worsened yesterday.

Other Ukrainian government websites have gone offline, again for a DDoS (Denial of Service) attack. Among others, the website of the Ministry of Foreign Affairs, the Council of Ministers and the Parliament were targeted by hackers. Attacks on other banking institutions also intensified. The origin of the attacks is not confirmed, but today, with the onset of hostilities by Russia, it is hard to believe that there is no Moscow government orchestrating operations with a cyber action contributing to chaos as it is brought ahead of the military one.


With the onset of Russian hostilities, users of social networks located in the eastern regions of Ukraine (in the Donbass and Luhansk regions) began to document them by sharing photos and videos. Videos were shown of Russian helicopters heading towards Crimea, Russian tank divisions moving towards the border, and in the last few hours also the first evidence of the effects of Russian missiles.

But as military operations intensified, many Twitter accounts that started showing this material were suspended. Some examples:

  • OSINT * researcher Kyle Glen’s account was blocked for 12 hours on February 22nd
  • security analyst Oliver Alexander could not use his account 2 times in 24 hours
  • Several accounts of users / organizations that do not publish content in English were also affected:
    • the OSINT account of Neurone Intelligence (French language)
    • the Mundo en Conflicto account (Spanish language)
    • the Brazilian OSINT account Notìcias e Guerras

OSINT researchers they fear that these measures are part of a mass reporting campaign to deactivate accounts during the Russian invasion. Twitter, when questioned about the affair, hinted that the blocking of accounts was determined by the application of the rules on the publication of content, in some cases by mistake:

We have proactively monitored emerging narratives that violate our policies, and in this case, we have taken law enforcement measures on a number of accounts by mistake. We are rapidly reviewing these actions and have already proactively restored access to a number of affected accounts. Claims that the errors were the result of a coordinated bot campaign or the result of mass reporting are incorrect.

Of course, distinguishing true and manipulated information in situations like the current one is not easy, but at least Twitter has given reassurance on the cause of the massive suspension of the OSINT researchers’ accounts.

*OSINT stands for open source intelligence, the research, collection and analysis of data and news obtained from open source sources, as are social networks


The attack on Ukraine was preceded by a slightly veiled threat from the Moscow government to Western countries: we have weapons unmatched in the world Putin said in a video message released yesterday and proposed never before seen consequences if anyone interferes with military operations in Ukraine. References can be found in these passages even to cyber weapons which become part of the Russian arsenal. In these hours we speak of one, for example new dangerous botnet, run by Russian hackersthe Sandworm group, which uses a unreleased and sophisticated Cyclops Blink malware, which has already infected 1% of WatchGuard’s firewall devices. Malware, never seen before, turns target devices into attack platforms capable of stealing data and targeting other networks.