Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 History 2 Cyberattacks 2.1 Russian cyberattacks 2.2 Ukrainian cyberattacks 3 Russian-Ukrainian cyberwarfare amidst Russian invasion of Ukraine in 2022 4 See also 5 References 6 External links

Russo-Ukrainian cyberwarfare

●العربية ●Azərbaycanca ●Беларуская ●Français ●עברית ●Українська Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

Pro-Russian bot farm in Ukraine.

Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. ^{[clarification needed]} While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a Mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

History[edit]

Russian–Ukrainian cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. Russian cyberweapon Uroburos had been around since 2005.^[1] However, the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013. In 2013, Operation Armageddon, a Russian campaign of systematic cyber espionage on the information systems of government agencies, law enforcement, and defense agencies, began, thought to help Russia on the battlefield.^[2] Between 2013 and 2014, some information systems of Ukrainian government agencies were affected by a computer virus known as Snake / Uroborus / Turla.^[2] In February–March 2014, as Russian troops entered Crimea communication centers were raided and Ukraine's fibre optic cables were tampered with, cutting connection between the peninsula and mainland Ukraine. Additionally Ukrainian Government websites, news and social media were shut down or targeted in DDoS attacks, while cell phones of many Ukrainian parliamentarians were hacked or jammed.^[2]^[3] Ukrainian experts also stated the beginning of a cyberwar with Russia.^[4] Cybersecurity companies began to register an increase in the number of cyberattacks on information systems in Ukraine. The victims of Russian cyberattacks were government agencies of Ukraine, the EU, the United States, defense agencies, international and regional defense and political organizations, think tanks, the media, and dissidents.^[2] As of 2015, researchers had identified two groups of Russian hackers who have been active in the Russian-Ukrainian cyber war: the so-called APT29 (also known as Cozy Bear, Cozy Duke) and APT28 (also known as Sofacy Group, Tsar Team, Pawn Storm, Fancy Bear).^[2]

Russia has conducted cyberattacks against Ukraine's wartime satellite internet service Starlink.^[5]

Cyberattacks[edit]

This section is in list format but may read better as prose. You can help by converting this section, if appropriate. Editing help is available. (November 2023)

Russian cyberattacks[edit]

Operation "Armageddon", 2013^[2]
Operation "Snake", February 2014^[6]^[7]^[8]
Attacks on the automated system "Elections", June 2014^[9]
First Ukraine power grid hack, December 2015. Attacks using the Trojan virus BlackEnergy on energy companies in Ukraine which provide energy to Kyiv, Ivano-Frankivsk and Chernivtsi regions^[10]^[11] This was the first successful cyber attack on a power grid.^[10]
Second Ukraine power grid hack, December 2016.^[12]^[13]
Paralysis of the State Treasury of Ukraine, December 2016^[14]^[15]
2017 cyberattacks on Ukraine, Mass hacker supply-chain attack, June 2017 using Petya virus^[16] According to the US Presidential Administration, this attack became the largest known hacker attack.^[17]
2022 Ukraine cyberattack, attacks on Ukrainian government websites, January 2022, one day after US-Russian negotiations on Ukraine's future in NATO failed.^[18]^[19]
Attacks in February 2022, after Russian troops invaded eastern regions of Ukraine, took down several major Ukrainian governmental and banking websites. U.S. intelligence attributed the attacks to Russian attackers, although the Russian government denied involvement.^[20]
Russia has tried to block Starlink in Ukraine, which provides Internet access via satellite services. Starlink has countered those attacks by hardening the service's software.^[21] Cyberattacks against Starlink appear to have been ineffective, in part because SpaceX quickly updates the system’s software, according to The Economist. The director of electronic warfare for the US Office of the Secretary of Defense has said the speed of the Starlink software response he witnessed to one attack was "eye-watering".^[22] In August 2023, during Ukraine's counteroffensive, a Five Eyes report found that Russian hackers planted malwares designed to steal data to Starlink from the Android tablets of Ukrainian soldiers.^[23] Ukrainian Security Services said to have blocked some of the hacking attempts and conceded Russians had captured tablets on the battlefield and planted malwares on them.

Ukrainian cyberattacks[edit]

Operation "Prikormka (Groundbait)", May 2016^[24]^[25]
Operation "May 9", 2016 (9 successful hacks of the sites of the separatist group "Donetsk People's Republic", as well as Russian sites of anti-Ukrainian propaganda and resources of Russian private military companies.)^[26]^[27]^[28]^[29]^[30]
“Channel One” break, June 2016 (hacking of the corporate server of the Russian "Channel One" by the Ukrainian Cyber Alliance of hackers FalconsFlame, Trinity and Rukh8)^[31]^[32]
The Surkov Leaks, October 2016 — a leak of 2,337 e-mails and hundreds of attachments, which reveal plans for seizing Crimea from Ukraine and fomenting separatist unrest in Donbas (documents dated between September 2013 and December 2014).^[33]
The IT Army of Ukraine was established by Mykhailo Fedorov, the First Vice Prime Minister and Minister of Digital Transformation, on 25 February 2022. The effort was initiated during the 2022 Russian invasion of Ukraine. The primary aim is cyberwarfare against Russia. Fedorov requested the assistance of cyber specialist and tweeted a Telegram with a list of 31 websites of Russian business and state organizations.^[34]

Russian-Ukrainian cyberwarfare amidst Russian invasion of Ukraine in 2022[edit]

In June 2022, Microsoft published the report on Russian cyber attacks, and concluded that state-backed Russian hackers "have engaged in "strategic espionage" against governments, think tanks, businesses and aid groups" in 42 countries supporting Kyiv.^[35]

In April 2022, Microsoft report shared new details on Russian cyberwarfare against Ukraine, for instance Microsoft has reported that in some cases, hacking and military operations worked in tandem against Ukraine related target.^[36]^[37]

References[edit]

^ "Invisible Russian cyberweapon stalked US and Ukraine since 2005, new research reveals". CSO. 10 March 2014. Archived from the original on 2022-01-18. Retrieved 2022-01-17.

^ ^a ^b ^c ^d ^e ^f Jen Weedon, FireEye (2015). "Beyond 'Cyber War': Russia's Use of Strategic Cyber Espionage and Information Operations in Ukraine". In Kenneth Geers (ed.). Cyber War in Perspective: Russian Aggression against Ukraine. Tallinn: NATO CCD COE Publications. ISBN 978-9949-9544-5-2. Archived from the original on 2016-08-16. Retrieved 2016-05-10.

^ Gertz, Bill. "Inside the Ring: Cybercom's Michael Rogers confirms Russia conducted cyberattacks against Ukraine". The Washington Times. Archived from the original on 2021-06-02. Retrieved 2020-07-21.

^ "Russian Electronic Warfare in Ukraine: Between Real and Imaginable - Jamestown". Jamestown. Archived from the original on 2017-05-26. Retrieved 2017-05-27.

^ "How Elon Musk's satellites have saved Ukraine and changed warfare". The Economist. ISSN 0013-0613. Retrieved 2023-06-06.

^ Dunn, John E (7 March 2014). "Invisible Russian cyberweapon stalked US and Ukraine since 2005, new research reveals". Techworld. Archived from the original on 13 April 2016. Retrieved 10 May 2016.

^ "The Snake Campaign". BAE Systems. 2014. Archived from the original on 2020-07-22. Retrieved 2020-07-21.

^ "Uroburos. Highly complex espionage software with Russian roots" (PDF). G Data SecurityLabs. February 2014. Archived (PDF) from the original on 2020-10-07. Retrieved 2020-07-21.

^ Прес-служба Держспецзв’язку (23 May 2014). "Коментар Держспецзв'язку щодо інциденту в ЦВК". Archived from the original on 23 September 2015. Retrieved 26 May 2014.

^ ^a ^b Кім Зеттер, Wired (17 March 2016). "Хакерська атака Росії на українську енергосистему: як це було". Texty.org. Retrieved 18 March 2016.

^ "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж". Міністерство енергетики та вугільної промисловості України. 12 February 2016. Archived from the original on 22 July 2020. Retrieved 21 July 2020.

^ Kim Zetter (January 10, 2017). "The Ukrainian Power Grid Was Hacked Again". Vice Motherboard. Archived from the original on January 18, 2017. Retrieved July 21, 2020.

^ "Основной версией недавнего отключения электричества в Киеве названа кибератака хакеров". ITC.ua. 19 December 2016. Archived from the original on 21 July 2020. Retrieved 21 July 2020.

^ "Щодо роботи інформаційно-телекомунікаційної системи Казначейства". Урядовий портал. 6 December 2016. Archived from the original on 10 December 2016. Retrieved 11 December 2016.

^ "Україна програє кібервійну. Хакери атакують державні фінанси". Економічна правда. 9 December 2016. Archived from the original on 10 December 2016. Retrieved 11 December 2016.

^ Anton Cherepanov, ESET (30 June 2017). "TeleBots are back: Supply-chain attacks against Ukraine". We Live Security. Archived from the original on 21 July 2020. Retrieved 21 July 2020.

^ "Statement from the Press Secretary". whitehouse.gov. 2018-02-15. Archived from the original on 2021-02-03. Retrieved 2021-03-03 – via National Archives.

^ Kramer, Andrew E. (2022-01-14). "Hackers Bring Down Government Sites in Ukraine". The New York Times. ISSN 0362-4331. Archived from the original on 2022-01-15. Retrieved 2022-01-17.

^ Alspach, Kyle (2022-02-04). "Microsoft discloses new details on Russian hacker group Gamaredon". VentureBeat. Archived from the original on 2022-02-06. Retrieved 2022-02-06.

^ Lauren Feiner (2022-02-23). "Cyberattack hits Ukrainian banks and government websites". CBNC. Archived from the original on 2022-02-23. Retrieved 2022-02-23.

^ Stone, Mike; Roulette, Joey (2023-06-01). "SpaceX's Starlink wins Pentagon contract for satellite services to Ukraine". Reuters. Retrieved 2023-06-01.

^ "How Elon Musk's satellites have saved Ukraine and changed warfare". The Economist. ISSN 0013-0613. Retrieved 2023-06-06.

^ Lyngaas, Sean (2023-08-31). "Russian military hackers take aim at Ukrainian soldiers' battle plans, US and allies say | CNN Politics". CNN. Retrieved 2023-09-09.

^ Alexey Minakov (1 June 2016). "Антивірусна компанія ESET на службі терористів Донбасу". Інформнапалм. Archived from the original on 16 July 2020. Retrieved 21 July 2020.

^ Антон Черепанов (18 May 2016). "Operation Groundbait ("Прикормка"): Аналіз інструментарію спостереження" (PDF). ESET. Archived (PDF) from the original on 1 June 2016. Retrieved 21 July 2020.

^ Censor.NET (9 May 2016). ""Operation May 9": Ukrainian hackers deface several terrorists' propaganda sites. VIDEO+PHOTO". Censor.NET. Archived from the original on 2020-07-21. Retrieved 2020-07-21.

^ "9 hacks on MAY 9: successful operation of Ukrainian hackers #OpMay9 (VIDEO)". InformNapalm.org (English). 2016-05-11. Archived from the original on 2020-07-15. Retrieved 2020-07-21.

^ "Хакери знищили сайт російських пропагандистів "Anna News" і розмістили відеозвернення". InformNapalm.org. InformNapalm. 29 April 2016. Archived from the original on 19 September 2016. Retrieved 11 May 2016.

^ Shamanska, Anna (9 May 2016). "Hackers In Ukraine Deface Separatist Websites To Mark Victory Day". Radio Free Europe/Radio Liberty. Archived from the original on 2020-06-25. Retrieved 2020-07-21.

^ "ЗС РФ використовували станцію Р-330Ж у боях за Дебальцеве. Знімки робочого терміналу". InformNapalm.org. InformNapalm. 2 May 2016. Archived from the original on 19 September 2016. Retrieved 11 May 2016.

^ "Злом пропагандистів РФ. Частина 1. Зенін: сприяння терористам, офшори та відпочинок у Європі". Інформнапалм. 6 June 2016. Archived from the original on 15 July 2020. Retrieved 21 July 2020.

^ "Взлом пропагандистов РФ. Часть 2: переписка о МН17". Інформнапалм. 14 June 2016. Archived from the original on 16 July 2020. Retrieved 21 July 2020.

^ Christopher Miller (November 2, 2016). "Inside The Ukrainian 'Hacktivist' Network Cyberbattling The Kremlin". RadioFreeEurope/RadioLiberty. Archived from the original on 2022-01-03. Retrieved 2022-01-17.

^ Pearson, James (2022-02-27). "Ukraine launches 'IT army,' takes aim at Russian cyberspace". Reuters. Retrieved 2022-02-27.

^ "Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies". VOA. 22 June 2022. Retrieved 2022-07-12.

^ "Microsoft Report Details Relentless Russian Cyberattacks On Ukraine". RadioFreeEurope/RadioLiberty. Retrieved 2022-07-12.

^ "Microsoft: Russian hacks often accompany Ukraine attacks". Associated Press. 27 April 2022. Retrieved 2022-09-18.

External links[edit]

Inside The Ukrainian 'Hacktivist' Network Cyberbattling The Kremlin

Hacking in the 2020s

← 2010s

Timeline

2030s →

Major incidents

2020	BlueLeaks Twitter account hijacking European Medicines Agency data breach Nintendo data leak United States federal government data breach EasyJet data breach Vastaamo data breach
2021	Microsoft Exchange Server breach Ivanti Pulse Connect Secure data breach Colonial Pipeline ransomware attack Health Service Executive ransomware attack Waikato District Health Board ransomware attack JBS S.A. ransomware attack Kaseya VSA ransomware attack Transnet ransomware attack Epik data breach FBI email hack National Rifle Association ransomware attack Banco de Oro hack
2022	Ukraine cyberattacks Red Cross data breach Anonymous and the Russian invasion of Ukraine Viasat hack DDoS attacks on Romania Costa Rican ransomware attack LastPass vault theft Shanghai police database leak Grand Theft Auto VI content leak
2023	Munster Technological University ransomware attack Evide data breach MOVEit data breach Insomniac Games data breach Polish railway cyberattack British Library cyberattack
2024	XZ Utils backdoor Kadokawa and Niconico

Groups

Individuals

Major vulnerabilities
publicly disclosed

SMBGhost (2020)
Thunderspy (2020)
PrintNightmare (2021)
FORCEDENTRY (2021)
Log4Shell (2021)
Account pre-hijacking (2022)
Retbleed (2022)
Downfall (2023)
LogoFAIL (2023)
Reptar (2023)
Terrapin (2023)
GoFetch (2024)

Malware

2020

2021

Predator

2022

v t e Russo-Ukrainian War
Background	Dissolution of the Soviet Union Budapest Memorandum 2003 Tuzla Island conflict Orange Revolution 2007 Munich speech of Vladimir Putin Russia–Ukraine gas disputes Euromaidan Revolution of Dignity Putinism Foundations of Geopolitics Ruscism Russian irredentism Russian imperialism
Main events	Annexation of Crimea by the Russian Federation timeline 2014 pro-Russian unrest in Ukraine Historical background timeline 2014 Odesa clashes War in Donbas timeline List of Russian units which invaded the territory of Ukraine Kerch Strait incident Wagnergate Prelude to the Russian invasion of Ukraine reactions Russian invasion of Ukraine timeline 2022 Russian annexation referendums 2023 Belgorod Oblast incursions destruction of the Kakhovka Dam
Impact and reactions	International sanctions sanctioned people and organisations 2022–2023 Russia–European Union gas dispute Military aid to Ukraine OSCE Special Monitoring Mission to Ukraine Act of 2014 China and the Russian invasion of Ukraine Iran and the Russian invasion of Ukraine United States and the Russian invasion of Ukraine ICJ case ORDLO ATO International reactions to the war in Donbas Casualties of the Russo-Ukrainian War journalists killed Foreign fighters in the Russo-Ukrainian War 2014 Crimean status referendum Political status of Crimea 2021 Black Sea incident 2021–2023 global supply chain crisis Economic impact of the Russian invasion of Ukraine Eurointegration of Ukraine Soviet imagery Lend-Lease (2022) Diplomatic expulsions Russian spies ICC arrest warrant for Vladimir Putin Wagner Group rebellion LGBT people
Cyberwarfare	2015 Ukraine power grid hack 2016 Kyiv cyberattack 2016 Surkov leaks 2017 Ukraine ransomware attacks 2022 Ukraine cyberattacks IT Army of Ukraine 2022 activities of Anonymous against Russia
Media	Little green men Social media Media portrayal Disinformation in the 2022 invasion Propaganda in Russia Films
Related	Russia–Ukraine relations Russian language in Ukraine Demolition of monuments to Vladimir Lenin in Ukraine 2014 anti-war protests in Russia Ruscism 2018 Moscow–Constantinople schism Control of cities Aircraft losses during the Russo-Ukrainian War Ship losses during the Russo-Ukrainian War Moldova and the Russo-Ukrainian War Ukrainian conscription crisis Forced transfer of Ukrainian children to Russia
Category

Retrieved from "https://en.wikipedia.org/w/index.php?title=Russo-Ukrainian_cyberwarfare&oldid=1224149153" Categories: ●Hacker groups ●Cyberattacks ●Cyberwarfare ●Russia–Ukraine relations ●Russo-Ukrainian War ●Information operations and warfare ●Russian–Ukrainian cyberwarfare Hidden categories: ●Articles with short description ●Short description is different from Wikidata ●Wikipedia articles needing clarification from April 2022 ●Articles needing cleanup from November 2023 ●All pages needing cleanup ●Articles with sections that need to be turned into prose from November 2023 ●This page was last edited on 16 May 2024, at 14:55 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view