Four sources familiar with the case have told Reuters that ICC prosecutors are investigating possible war crimes involving Russian cyberattacks on Ukrainian civilian infrastructure.
The first confirmation that attacks in cyberspace are being investigated by international prosecutors has been received, which could lead to arrest warrants if enough evidence is gathered.
According to an official, the investigation is looking into attacks on infrastructure that disrupted power and water supplies cut off emergency responders or disrupted mobile data services used to transmit air raid warnings.
Ukrainian teams are working with ICC prosecutors in the investigation to uncover “cyberattacks committed from the start of the full-scale invasion,” said the official.
Another source close to the ICC prosecutor’s office confirmed they were investigating cyberattacks in Ukraine that could date back to 2015, the year after Russia unilaterally seized the Crimean Peninsula.
Cyberattacks have been denied by Moscow in the past, with officials claiming that such accusations were intended to stir up anti-Russian sentiment.
An arrest warrant was issued by the ICC in March 2023 against Russian President Vladimir Putin for illegally deporting Ukrainian children. Additionally, a possible Russian war atrocity is being investigated by an intergovernmental tribunal in Georgia.
Furthermore, the Dutch intelligence agency (AIVD) revealed last June that a Russian agent was attempting to infiltrate the institution with a fake Brazilian identity. Accordingly, Russia, which does not perceive the court’s jurisdiction, gave arrest warrants against senior ICC judges.
Evidence is being collected by Ukraine to support the ICC prosecutor’s investigation.
On Friday, it was declined to comment by the office of the ICC prosecutor Karim Khan, but it has previously been stated that cyber-attacks could be part of future war crimes investigations.
Albeit incapable to demonstrate attribution, the ICC experienced its own “phenomenal” cyberattack last September, thought to be a reconnaissance activity.
The office additionally said it can’t remark on issues connected with continuous investigation.
Four arrest warrants issued by the court against senior Russian suspects starting from the start of the attack. These incorporate President Vladimir Putin, suspected with an atrocity over the removal of Ukrainian kids to Russia.
Russia, which is not a part of the ICC, excused that decision e as “invalid and void”. Ukraine is likewise not a part, but rather has conceded the ICC jurisdiction to prosecute violations committed on its domain.
In April, a pre-trial chamber gave arrest warrants claiming that two Russian commandants had committed crimes against mankind with strikes against regular citizen infrastructure. The Russian defense ministry did not answer a solicitation for comment at that point.
No less than four significant attacks on energy infrastructure are being inspected, two sources with information on the examination told Reuters.
A senior source said one group of Russian hackers carefully targeted is referred to in cybersecurity research circles as “Sandworm”, and is trusted by Ukrainian authorities and cyber specialists to be connected to Russian military intelligence.
A group at the Human Rights Center, UC Berkeley School of Law, has been exploring Sandworm’s cyberattacks focusing on Ukrainian civilian infrastructure starting around 2021, and made secret entries to the ICC in 2022 and 2023 recognizing five cyberattacks it said could be charged as war crimes.
Sandworm is associated with a string of high-profile attacks, including a fruitful 2015 attack on a power grid in western Ukraine – one of the first of its sort, as per cyber security specialists.
A group of activist hackers referring to themselves as “Solntsepyok” (“hot spot”) claimed responsibility for a major attack on the Ukrainian mobile telecommunications supplier Kyivstar last December twelfth. Ukrainian security services recognized that group as a front for Sandworm.
Sandworm is additionally accepted by Kyiv to have done broad cyberespionage against Western states in the interest of Russia’s intelligence agencies.
