Skip links

Details of ‘120,000 Russian soldiers’ leaked by Ukraine

Ukrainian news agency Ukrainska Pravda has claimed the nation’s Centre for Defence Strategies think tank has obtained the online personal details of 120,000 Russian servicemen fighting in Ukraine.

The Register and others have been unable to fully verify the accuracy of the data in the leak. The records include what appears to be names, addresses, passport numbers, unit names, and phone numbers. Some open source intelligence researchers on Twitter said they found positive matches, as did sources who spoke confidentially to El Reg; others said they couldn’t verify dip-sampled data.

Rumors swirled on the internet that activists were behind the leak. The Ukrainian news agency said the think tank obtained the personnel records from “reliable sources.” Whether or not the database is real, the impact on Russian military morale – knowing that your country’s enemies have your personal details and can contact your family if you’re captured, killed, or even still alive – won’t be insignificant.

As Russia’s invasion of Ukraine progresses, or not, cyber-attacks orchestrated by or for the benefit of the Kremlin against Ukraine and the West appear limited, while on the ground, more than 2,000 civilians have been killed, according to Ukrainian officials.

Former National Cyber Security Centre (NCSC) chief Ciaran Martin noted in a blog post that even those skeptical of claims that Russia would wage cyber-Armageddon during the invasion will be surprised at the lack of activity. The online assaults against Ukraine of late represent Russia’s “long-standing campaign of cyber harassment of the country over the past decade, rather than a serious escalation of it,” he wrote.

Martin added that starting a cyberwar is far more difficult, and comes with far more potential problems, than most people outside the infosec and IT worlds realize.

“Even though cyber operations have featured to an unexpectedly small extent in the conflict so far, the West still remains at higher risk of serious disruption — as distinct from catastrophic attack — via the cyber domain than it was before the invasion,” he said.

“To point out the misrepresentation of cyber capabilities, their limitations, and the lack of use of them so far in the conflict is to invite allegations of complacency. It should not; a nuanced understanding of the actual risks makes for better preparation for them.”

Meanwhile, Secureworks’ senior security researcher Tony Adams said: “Cybercriminal groups have warned of retaliatory attacks against Western organisations in response to Russian sanctions or possible cyber operations targeting Russia as demonstration of support for Ukraine. Their motivations may shift from money to motherland but they’ll employ the same capabilities and techniques used in destructive wiper attacks, ransomware, and name-and-shame operations seen over the past few years.”

Ukraine’s digital transformation minister has done perhaps the most exciting thing that will ever happen under the “digital transformation” banner by calling for a volunteer IT army:

Such a move may provide cover for Russian and Belarusian attacks under a false flag – but while all these machinations are going on, the domestic impact on enterprise IT still appears to be low.

UK technology industry sources have whispered to The Register of a noticeable uptick in malicious traffic probing their firewalls over the past few days. Although all said they had been taking NCSC guidance on security seriously, one wondered whether this was the calm before the storm.

Secureworks’ Adams continued: “Organisations should realistically assess their operational endurance for a prolonged period of heightened anxiety around cyber-attacks. Creating stressed and fatigued teams before any crisis has even occurred will only lead to poor performance when it matters. Maintain vigilance, but ensure teams are following normally operational work levels as much as possible.”

He concluded: “Deprioritise non-critical tasks and ensure staff are prepared, rested and clear on process for when a cyber-incident does occur. This will be a marathon, not a sprint.” ®