Russo-Ukrainian Cyberwarfare

Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013–2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a Mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

History

Russian–Ukrainian cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013–2014. Russian cyberweapon Uroburos had been around since 2005. However, the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013. In 2013, Operation Armageddon, a Russian campaign of systematic cyber espionage on the information systems of government agencies, law enforcement, and defense agencies, began, thought to help Russia on the battlefield.
Between 2013 and 2014, some information systems of Ukrainian government agencies were affected by a computer virus known as Snake / Uroborus / Turla. In February–March 2014, as Russian troops entered Crimea communication centers were raided and Ukraine's fibre optic cables were tampered with, cutting connection between the peninsula and mainland Ukraine. Additionally Ukrainian Government websites, news and social media were shut down or targeted in DDoS attacks, while cell phones of many Ukrainian parliamentarians were hacked or jammed. Ukrainian experts also stated the beginning of a cyberwar with Russia.
Cybersecurity companies began to register an increase in the number of cyberattacks on information systems in Ukraine. The victims of Russian cyberattacks were government agencies of Ukraine, the EU, the United States, defense agencies, international and regional defense and political organizations, think tanks, the media, and dissidents. As of 2015, researchers had identified two groups of Russian hackers who have been active in the Russian-Ukrainian cyber war: the so-called APT29 (also known as Cozy Bear, Cozy Duke) and APT28 (also known as Sofacy Group, Tsar Team, Pawn Storm, Fancy Bear).

Russia has conducted cyberattacks against Ukraine's wartime satellite internet service Starlink.

Cyberattacks

Russian cyberattacks

* Operation "Armageddon", 2013
* Operation "Snake", February 2014
* Attacks on the automated system "Elections", May 2014
* First Ukraine power grid hack, December 2015. Attacks using the Trojan virus BlackEnergy on energy companies in Ukraine which provide energy to Kyiv, Ivano-Frankivsk and Chernivtsi regions This was the first successful cyber attack on a power grid.
* Second Ukraine power grid hack, December 2016.
* Paralysis of the State Treasury of Ukraine, December 2016
* 2017 cyberattacks on Ukraine, Mass hacker supply-chain attack, June 2017 using Petya virus According to the US Presidential Administration, this attack became the largest known hacker attack.
* 2022 Ukraine cyberattack, attacks on Ukrainian government websites, January 2022, one day after US-Russian negotiations on Ukraine's future in NATO failed.
* Attacks in February 2022, after Russian troops invaded eastern regions of Ukraine, took down several major Ukrainian governmental and banking websites. U.S. intelligence attributed the attacks to Russian attackers, although the Russian government denied involvement.
*Russia has tried to block Starlink in Ukraine, which provides Internet access via satellite services. Starlink has countered those attacks by hardening the service's software. Cyberattacks against Starlink appear to have been ineffective, in part because SpaceX quickly updates the system's software, according to ''The Economist''. The director of electronic warfare for the US Office of the Secretary of Defense has said the speed of the Starlink software response he witnessed to one attack was "eye-watering". In August 2023, during Ukraine's counteroffensive, a Five Eyes report found that Russian hackers planted malwares designed to steal data to Starlink from the Android tablets of Ukrainian soldiers. Ukrainian Security Services said to have blocked some of the hacking attempts and conceded Russians had captured tablets on the battlefield and planted malwares on them.

Ukrainian cyberattacks

* Operation "Prikormka (Groundbait)", May 2016
* Operation "May 9", 2016 (9 successful hacks of the sites of the separatist group "Donetsk People's Republic", as well as Russian sites of anti-Ukrainian propaganda and resources of Russian private military companies.)
* “ Channel One” break, June 2016 (hacking of the corporate server of the Russian "Channel One" by the Ukrainian Cyber Alliance of hackers FalconsFlame, Trinity and Rukh8)
* The Surkov Leaks, October 2016 — a leak of 2,337 e-mails and hundreds of attachments, which reveal plans for seizing Crimea from Ukraine and fomenting separatist unrest in Donbas (documents dated between September 2013 and December 2014).
* The IT Army of Ukraine was established by Mykhailo Fedorov

HOME


Content is Copyleft
Website design, code, and AI is Copyrighted (c) 2014-2017 by Stephen Payne


Consider donating to Wikimedia



As an Amazon Associate I earn from qualifying purchases