Russo-Ukrainian cyberwarfare

Last updated
Pro-Russian bot farm in Ukraine. Pro-Russian bot farm in Ukraine (2022).jpg
Pro-Russian bot farm in Ukraine.

Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. [ clarification needed ] While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a Mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

Contents

History

Russian–Ukrainian cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. Russian cyberweapon Uroburos had been around since 2005. [1] However, the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013. In 2013, Operation Armageddon, a Russian campaign of systematic cyber espionage on the information systems of government agencies, law enforcement, and defense agencies, began, thought to help Russia on the battlefield. [2] Between 2013 and 2014, some information systems of Ukrainian government agencies were affected by a computer virus known as Snake / Uroborus / Turla. [2] In February–March 2014, as Russian troops entered Crimea communication centers were raided and Ukraine's fibre optic cables were tampered with, cutting connection between the peninsula and mainland Ukraine. Additionally Ukrainian Government websites, news and social media were shut down or targeted in DDoS attacks, while cell phones of many Ukrainian parliamentarians were hacked or jammed. [2] [3] Ukrainian experts also stated the beginning of a cyberwar with Russia. [4] Cybersecurity companies began to register an increase in the number of cyberattacks on information systems in Ukraine. The victims of Russian cyberattacks were government agencies of Ukraine, the EU, the United States, defense agencies, international and regional defense and political organizations, think tanks, the media, and dissidents. [2] As of 2015, researchers had identified two groups of Russian hackers who have been active in the Russian-Ukrainian cyber war: the so-called APT29 (also known as Cozy Bear, Cozy Duke) and APT28 (also known as Sofacy Group, Tsar Team, Pawn Storm, Fancy Bear). [2]

Russia has conducted cyberattacks against Ukraine's wartime satellite internet service Starlink. [5]

Cyberattacks

Russian cyberattacks

Ukrainian cyberattacks

Russian-Ukrainian cyberwarfare amidst Russian invasion of Ukraine in 2022

In June 2022, Microsoft published the report on Russian cyber attacks, and concluded that state-backed Russian hackers "have engaged in "strategic espionage" against governments, think tanks, businesses and aid groups" in 42 countries supporting Kyiv. [35]

In April 2022, Microsoft report shared new details on Russian cyberwarfare against Ukraine, for instance Microsoft has reported that in some cases, hacking and military operations worked in tandem against Ukraine related target. [36] [37]

See also

Related Research Articles

<span class="mw-page-title-main">Information warfare</span> Battlespace use and management of information and communication technology

Information warfare (IW) is the battlespace use and management of information and communication technology (ICT) in pursuit of a competitive advantage over an opponent. It is different from cyberwarfare that attacks computers, software, and command control systems. Information warfare is the manipulation of information trusted by a target without the target's awareness so that the target will make decisions against their interest but in the interest of the one conducting information warfare. As a result, it is not clear when information warfare begins, ends, and how strong or destructive it is.

<span class="mw-page-title-main">Cyberwarfare</span> Use of digital attacks against a nation

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

<span class="mw-page-title-main">Cyberattacks during the Russo-Georgian War</span> Series of cyber attacks during Russo-Georgian war in 2008

During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Cyberwarfare by China is the aggregate of all combative activities in the cyberspace which are taken by organs of the People's Republic of China, including affiliated advanced persistent threat groups, against other countries.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).

Cyberwarfare is a part of Iran's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field.

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR), a view shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.

Fancy Bear, also known as APT28, Pawn Storm, Sofacy Group, Sednit, Tsar Team and STRONTIUM or Forest Blizzard, is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023, the rooftop on one of the buildings collapsed as a result of the explosion.

On December 23, 2015, the power grid in two western oblasts of Ukraine was hacked, which resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack took place during the ongoing Russo-Ukrainian War (2014-present) and is attributed to a Russian advanced persistent threat group known as "Sandworm". It is the first publicly acknowledged successful cyberattack on a power grid.

<span class="mw-page-title-main">Surkov leaks</span> Document leak of Vladislav Surkovs emails

In October 2016, Ukrainian hacker group CyberHunta leaked over a gigabyte of emails and other documents alleged to belong to Russian political operative and senior Kremlin official Vladislav Surkov. Known as Russia's "grey cardinal", Surkov served as a political adviser to President Vladimir Putin in the conflict in eastern Ukraine and is the architect of Russia's ideology of sovereign democracy.

<span class="mw-page-title-main">Petya (malware family)</span> Family of encrypting ransomware discovered in 2016

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

Industroyer is a malware framework considered to have been used in the cyberattack on Ukraine’s power grid on December 17, 2016. The attack cut a fifth of Kyiv, the capital, off power for one hour and is considered to have been a large-scale test. The Kyiv incident was the second cyberattack on Ukraine's power grid in two years. The first attack occurred on December 23, 2015. Industroyer is the first ever known malware specifically designed to attack electrical grids. At the same time, it is the fourth malware publicly revealed to target industrial control systems, after Stuxnet, Havex, and BlackEnergy.

<span class="mw-page-title-main">Sandworm (hacker group)</span> Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

<span class="mw-page-title-main">2022 Ukraine cyberattacks</span> Attack on Ukrainian government and websites

During the prelude to the 2022 Russian invasion of Ukraine and the 2022 Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.

<span class="mw-page-title-main">IT Army of Ukraine</span> Ukrainian cyberwarfare volunteer group

The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022. The group also conducts offensive cyberwarfare operations, and Chief of Head of State Special Communications Service of Ukraine Victor Zhora said its enlisted hackers would only attack military targets.

<i>This Is How They Tell Me the World Ends: The Cyberweapons Arms Race</i> 2021 book by Nicole Perlroth

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race is a non-fiction book published in 2021 by American journalist and author Nicole Perlroth. The book delves into the hidden world of cyberwarfare, offering a comprehensive examination of the rapid proliferation and development of cyberweapons by nation-states and non-state actors. With its unique blend of investigative journalism, personal anecdotes, and historical analysis, the book has gained critical acclaim for shedding light on the alarming escalation of cyber conflict. Financial Times named it a book of the year in 2021.

References

  1. "Invisible Russian cyberweapon stalked US and Ukraine since 2005, new research reveals". CSO. 10 March 2014. Archived from the original on 2022-01-18. Retrieved 2022-01-17.
  2. 1 2 3 4 5 6 Jen Weedon, FireEye (2015). "Beyond 'Cyber War': Russia's Use of Strategic Cyber Espionage and Information Operations in Ukraine". In Kenneth Geers (ed.). Cyber War in Perspective: Russian Aggression against Ukraine. Tallinn: NATO CCD COE Publications. ISBN   978-9949-9544-5-2. Archived from the original on 2016-08-16. Retrieved 2016-05-10.
  3. Gertz, Bill. "Inside the Ring: Cybercom's Michael Rogers confirms Russia conducted cyberattacks against Ukraine". The Washington Times. Archived from the original on 2021-06-02. Retrieved 2020-07-21.
  4. "Russian Electronic Warfare in Ukraine: Between Real and Imaginable - Jamestown". Jamestown. Archived from the original on 2017-05-26. Retrieved 2017-05-27.
  5. "How Elon Musk's satellites have saved Ukraine and changed warfare". The Economist. ISSN   0013-0613 . Retrieved 2023-06-06.
  6. Dunn, John E (7 March 2014). "Invisible Russian cyberweapon stalked US and Ukraine since 2005, new research reveals". Techworld. Archived from the original on 13 April 2016. Retrieved 10 May 2016.
  7. "The Snake Campaign". BAE Systems. 2014. Archived from the original on 2020-07-22. Retrieved 2020-07-21.
  8. "Uroburos. Highly complex espionage software with Russian roots" (PDF). G Data SecurityLabs. February 2014. Archived (PDF) from the original on 2020-10-07. Retrieved 2020-07-21.
  9. Прес-служба Держспецзв’язку (23 May 2014). "Коментар Держспецзв'язку щодо інциденту в ЦВК". Archived from the original on 23 September 2015. Retrieved 26 May 2014.
  10. 1 2 Кім Зеттер, Wired (17 March 2016). "Хакерська атака Росії на українську енергосистему: як це було". Texty.org. Retrieved 18 March 2016.
  11. "Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж". Міністерство енергетики та вугільної промисловості України. 12 February 2016. Archived from the original on 22 July 2020. Retrieved 21 July 2020.
  12. Kim Zetter (January 10, 2017). "The Ukrainian Power Grid Was Hacked Again". Vice Motherboard. Archived from the original on January 18, 2017. Retrieved July 21, 2020.
  13. "Основной версией недавнего отключения электричества в Киеве названа кибератака хакеров". ITC.ua. 19 December 2016. Archived from the original on 21 July 2020. Retrieved 21 July 2020.
  14. "Щодо роботи інформаційно-телекомунікаційної системи Казначейства". Урядовий портал. 6 December 2016. Archived from the original on 10 December 2016. Retrieved 11 December 2016.
  15. "Україна програє кібервійну. Хакери атакують державні фінанси". Економічна правда. 9 December 2016. Archived from the original on 10 December 2016. Retrieved 11 December 2016.
  16. Anton Cherepanov, ESET (30 June 2017). "TeleBots are back: Supply-chain attacks against Ukraine". We Live Security. Archived from the original on 21 July 2020. Retrieved 21 July 2020.
  17. "Statement from the Press Secretary". whitehouse.gov . 2018-02-15. Archived from the original on 2021-02-03. Retrieved 2021-03-03 via National Archives.
  18. Kramer, Andrew E. (2022-01-14). "Hackers Bring Down Government Sites in Ukraine". The New York Times. ISSN   0362-4331. Archived from the original on 2022-01-15. Retrieved 2022-01-17.
  19. Alspach, Kyle (2022-02-04). "Microsoft discloses new details on Russian hacker group Gamaredon". VentureBeat. Archived from the original on 2022-02-06. Retrieved 2022-02-06.
  20. Lauren Feiner (2022-02-23). "Cyberattack hits Ukrainian banks and government websites". CBNC. Archived from the original on 2022-02-23. Retrieved 2022-02-23.
  21. Stone, Mike; Roulette, Joey (2023-06-01). "SpaceX's Starlink wins Pentagon contract for satellite services to Ukraine". Reuters. Retrieved 2023-06-01.
  22. "How Elon Musk's satellites have saved Ukraine and changed warfare". The Economist. ISSN   0013-0613 . Retrieved 2023-06-06.
  23. Lyngaas, Sean (2023-08-31). "Russian military hackers take aim at Ukrainian soldiers' battle plans, US and allies say | CNN Politics". CNN. Retrieved 2023-09-09.
  24. Alexey Minakov (1 June 2016). "Антивірусна компанія ESET на службі терористів Донбасу". Інформнапалм. Archived from the original on 16 July 2020. Retrieved 21 July 2020.
  25. Антон Черепанов (18 May 2016). "Operation Groundbait ("Прикормка"): Аналіз інструментарію спостереження" (PDF). ESET. Archived (PDF) from the original on 1 June 2016. Retrieved 21 July 2020.
  26. Censor.NET (9 May 2016). ""Operation May 9": Ukrainian hackers deface several terrorists' propaganda sites. VIDEO+PHOTO". Censor.NET. Archived from the original on 2020-07-21. Retrieved 2020-07-21.
  27. "9 hacks on MAY 9: successful operation of Ukrainian hackers #OpMay9 (VIDEO)". InformNapalm.org (English). 2016-05-11. Archived from the original on 2020-07-15. Retrieved 2020-07-21.
  28. "Хакери знищили сайт російських пропагандистів "Anna News" і розмістили відеозвернення". InformNapalm.org. InformNapalm. 29 April 2016. Archived from the original on 19 September 2016. Retrieved 11 May 2016.
  29. Shamanska, Anna (9 May 2016). "Hackers In Ukraine Deface Separatist Websites To Mark Victory Day". Radio Free Europe/Radio Liberty. Archived from the original on 2020-06-25. Retrieved 2020-07-21.
  30. "ЗС РФ використовували станцію Р-330Ж у боях за Дебальцеве. Знімки робочого терміналу". InformNapalm.org. InformNapalm. 2 May 2016. Archived from the original on 19 September 2016. Retrieved 11 May 2016.
  31. "Злом пропагандистів РФ. Частина 1. Зенін: сприяння терористам, офшори та відпочинок у Європі". Інформнапалм. 6 June 2016. Archived from the original on 15 July 2020. Retrieved 21 July 2020.
  32. "Взлом пропагандистов РФ. Часть 2: переписка о МН17". Інформнапалм. 14 June 2016. Archived from the original on 16 July 2020. Retrieved 21 July 2020.
  33. Christopher Miller (November 2, 2016). "Inside The Ukrainian 'Hacktivist' Network Cyberbattling The Kremlin". RadioFreeEurope/RadioLiberty. Archived from the original on 2022-01-03. Retrieved 2022-01-17.
  34. Pearson, James (2022-02-27). "Ukraine launches 'IT army,' takes aim at Russian cyberspace". Reuters. Retrieved 2022-02-27.
  35. "Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies". VOA. 22 June 2022. Retrieved 2022-07-12.
  36. "Microsoft Report Details Relentless Russian Cyberattacks On Ukraine". RadioFreeEurope/RadioLiberty. Retrieved 2022-07-12.
  37. "Microsoft: Russian hacks often accompany Ukraine attacks". Associated Press . 27 April 2022. Retrieved 2022-09-18.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.