Cyber ​ ​ war of Russia and Ukraine

Main article: Cyber ​ ​ wars

2024

Ukrainian Naftogaz turned off IT systems after a large-scale cyber attack on the data center

On January 25, 2024, Naftogaz Ukrainy Corporation announced a hacker attack on its IT infrastructure. The holding was forced to turn off some of the services. Read more here.

Russian hackers have been in the Kyivstar system since May 2023 - SBU

In early January 2024, the head of the cybersecurity department of the Security Service of Ukraine (SBU) Ilya Vityuk told some details of the cyber attack on Kyivstar. According to him, Russian hackers have been in the IT systems of the Ukrainian telecom operator for several months. Read more here.

2023

Cisco secretly sends modified switches to Ukraine to protect against cyber attacks

At the end of November 2023, it became known that the American corporation Cisco secretly sends To Ukraine specially modified switches to protect against cyber attacks. Such equipment is supplied, in particular, by the national energy company Ukrenergo. More. here

Red Cross - Civilian hackers howling for Russia or Ukraine are legitimate military targets

On February 17, 2023, Mauro Vignati, an adviser to the International Committee of the Red Cross (ICRC), announced that civilian hackers carrying out cyber attacks in the current geopolitical situation could be retaliated against by military structures. Read more here.

2022

The European Union allocated funds for the creation of a cyber laboratory for the Armed Forces of Ukraine

On December 2, 2022, the European Union announced funding for a project to create a special cyber laboratory for the Armed Forces of Ukraine. We are talking about the supply of both software and equipment. Read more here.

US Cybercom for the first time revealed the details of its work on the cyber defense of Ukraine

On November 28, 2022, the US Cybercom, located on the territory of the Fort Mead military base in Maryland, first revealed the details of a special operation to ensure the protection of Ukraine in cyberspace. Read more here.

Hackers published data of hundreds of cadets and teachers of the SBU Academy

In November 2022, the hacker group RaHDit published on the Nemesis portal lists of teachers and cadets of the Academy of the Security Service of Ukraine. Read more here.

Britain sent cyber spies to help Ukraine

On November 1, 2022, the information portal of the UK government disclosed information about the UK Ukraine Cyber ​ ​ Program initiative to support Ukraine in cyberspace. Read more here.

Britain, USA, Germany, the Netherlands, Poland and Estonia support the work of fraudulent call centers in Ukraine against Russians

At the end of October 2022 Russian Foreign Ministry , he accused Western countries of supporting "hostile" call centers on. To Ukraine A number of Western countries, including,,, and Britain USA, GERMANY Netherlands Poland Estonia are pursuing a policy of infrastructure support for the functioning of Ukrainian call centers engaged in fraud against Russians.

RaHDIt hackers released data from 1.5 thousand Ukrainian intelligence officers

At the end of September 2022, it became known about the leakage of personal data of employees of the Foreign Intelligence Service of Ukraine. The corresponding base was posted by the RaHDIt cyber group, which is called Russian in the media. Read more here.

Russian hackers hacked into the SBU YouTube channel and uploaded a video there

At the end of August 2022, Russian hackers hacked into the official account Security services Ukraine(SBU) and YouTube posted pro-Russian videos there. The Telegram Mash channel drew attention to this. More. here

Ukrainian hackers attacked Russian video conferencing services TrueConf, Videomost, Webinar.ru and iMind

At the end of August 2022, it became known about cyber attacks on Russian video conferencing services. In particular, platforms, TrueConf, and collided with them Videomost. Webinar.ru iMind More. here

Russian hackers attacked the website of the Security Service of Ukraine

Hacker Anonymous Russia attacked Security Services site group Ukraine (). SSU The fact that as a result of their actions the resource became unavailable is reported in the hacker Telegram association channel. This became known on August 10, 2022. Details. here

Microsoft, commissioned by the Pentagon, deprived Ukraine of digital sovereignty

Microsoft works by order of the special services and the Pentagon, their joint activities deprived Ukraine of information sovereignty and control over digital infrastructure. Oleg Syromolotov, deputy head of the Russian Ministry of Foreign Affairs (MFA), said this on July 18, 2022 (his comment is given on the agency's website). Read more here

Rosreestr's website was hacked. The main posted data on the day of the Constitution of Ukraine

On June 28, 2022, a cyber attack was committed on the website of the Federal Service for State Registration, Cadastre and Cartography (Rosreestr), as a result of which congratulations in honor of the day of the Constitution of Ukraine were displayed on the main page of the resource. Read more here.

Ukraine uses a new principle of cyber attacks against Russia

At the end of May 2022, it became known about a new principle cyber attacks that began to be used Ukraine against Russia after the start of a special military operation. We are talking about BGP Hijacking technology, said the Vedomosti CEO and co-founder of the company. StormWall Ramil Hantimirov More. here

Kyiv admitted its involvement in hacker attacks against Russian companies

Ukrainian Deputy Prime Minister Mikhail Fedorov boasted that he had created "the world's first cyber army." This became known on April 27, 2022.

Kyiv organized over 660 cyber attacks against state institutions and enterprises in Russia and Belarus.

At the end of April 2022, we have about 300 thousand specialists. Participation is voluntary, and we organize it through where messenger Telegram we post daily tasks, - explained Mikhail Fedorov, adding that there are no personal contacts "with cyber volunteers."

Earlier UK Ministry of Defence reported that some of servers the department may have been hacked, hackers presumably working for. Russian government Cybercriminals stole outsourcing 100 Capita data Army recruits from the firm who the British worked for others countries as spies.

Also, Russian hackers were suspected of cyber attacks on German renewable power^[1]

Shuckworm hackers attack Ukrainian organizations with the latest version of the Pteredo backdoor

Specialists INFORMATION SECURITY- the company Symantec reported on attacks cybercriminal the grouping of Shuckworm (Armageddon or Gamaredon) the Ukrainian on the organization using the latest version of the custom backdoor Pteredo (Pteranodon). This became known on April 20, 2022.

The group, connected by specialists with Russia, has been conducting cyber espionage operations against Ukrainian government organizations since at least 2014. According to experts, she carried out more than 5 thousand cyber attacks on 1.5 thousand public and private enterprises in the country.

Pteredo has its origins hacker in the forums where the Shuckworm group acquired it in 2016. Hackers began to actively develop a backdoor, adding DLL modules to it for theft, data remote access and penetration analysis.

In addition to Pteredo, in recent attacks, Shuckworm also used the UltraVNC remote access tool and Microsoft Process Explorer to process DLL module processes.

If we compare the Shuckworm attacks on Ukrainian organizations since January 2022, then we can come to the conclusion that the group has practically not changed its tactics. In previous attacks, Pteredo variants were downloaded to the attacked systems using VBS files hidden inside the document attached to the phishing email. 7-Zip files are unzipped automatically, which minimizes user interaction (the same files were used in January attacks).

At the end of April 2022, Pteredo is still being actively developed, which means that hackers can work on a more advanced, powerful and detectable version of the backdoor, as well as modify their attack chain^[2].

Statement by the Russian Foreign Ministry in connection with the ongoing cyber aggression by the "collective West"

On March 29, 2022, it became known about the statement of the Russian Foreign Ministry in connection with the ongoing cyber aggression by the "collective West." Read more here.

Experts: There is no catastrophic cyber war between Russia and Ukraine yet

There is (so far) no catastrophic cyber war between Russia and Ukraine, experts say. This became known on March 10, 2022.

Both sides understand that catastrophic cyber attacks will lead to mutually guaranteed destruction of systems.

Amid the height of the military conflict between Russia and Ukraine, there is growing concern about unprecedented cyber warfare. Experts are closely monitoring both sides, fearing serious conflicts in cyberspace, the damage from which could surpass the damage from physical battles.

Earlier, US President Biden said that the United States is "ready to respond" to any attacks on critical infrastructure. At the same time, many fear "digital Pearl Harbor." However, according to experts, so far it is relatively calm on the cyber front.

The fear of cyber war did not arise from scratch. International experts have repeatedly accused the Russian Federation of carrying out cyber attacks. In particular, Russian hackers allegedly associated with the Russian government are accused of large-scale cyber attacks on Ukrainian electric power companies in 2015-2016 and the spread of NotPetya malware in 2017.

In addition, hackers not working for the government are contacting a number of serious cyber attacks on large companies, including the American fuel giant Colonial Pipeline in 2021.

Since January 2022, 70 Ukrainian sites have been defaced, and cyber attacks on several ministries, also attributed to the Russian Federation, have also been carried out separately.

Although these attacks were "substantial and unprecedented," they are "not yet catastrophic," said Aaron Turner, a specialist at the California information security company Vectra. According to him, this is due to the fact that neither side wants to be the first to "throw a stone in the third world war."

Most likely, we have achieved a kind of detente, when both sides understand that catastrophic cyber attacks are likely to lead to mutually guaranteed destruction of systems, Turner told The Guardian.

In addition, the powers are better prepared to prevent attacks than before, so perhaps some larger hacks were stopped, experts say. The US has invested billions in cyber defence from both private and public sources. Ukraine has spent the past seven years since the 2015 energy grid attack strengthening its infrastructure.

Senior White House Information Director Theresa Payton accused Russia of investing more resources in coordinated disinformation campaigns. According to Glenn S Gerstell, former chief adviser to the US National Security Agency, the fact that Russia chose disinformation over destructive cyber attacks was not a surprise. Infrastructure attacks would be seen as "equivalent to physical attacks using bombs or missiles," while propaganda is in the grey zone.

These are all actions located below the line of actions that can be considered military, but they are still harmful and very dangerous, "Gerstell said.

Python also noted that the absence of destructive cyber attacks for March 2022 does not mean that they will not be later. Many covert operations, especially large-scale ones, take time to deploy. For example, in the case of SolarWinds, Russian hackers began attacking the company in March 2020, while this became known only in December 2020.

{{quote 'There may be incidents that we are not yet aware of. In the case of Russia, I always say, if nothing is happening yet, you still need to be on your guard, "Python said. There is no ^[3]. }}

Russian hacker group RaHDit hacked 755 state sites in Ukraine

The Russian hacker the RaHDit group hacked 755 state sites. Ukraine This became known on March 3, 2022.

Telegram channel published screenshots from hacked sites with addresses olginska-miskrada.gov.ua, bozhedarivska-selrada.gov.ua, dalnycka-gromada.gov.ua. On March 3, the data of the Internet page was unavailable.

According to the source, earlier hacktivists Anonymous conducted a massive deface of large Russian media and posted anti-war slogans on them. Also, hackers hacked into the management of the equipment of the Selyatino agricultural hub in the Moscow region and tried to spoil 40 thousand tons of frozen products.

The vice president Rostelecom of "" warned information security Igor Lyapunov that attacks the number of authorities RUSSIAN FEDERATION in has grown hundreds of times over the past week^[4]

Ukraine convenes an army of cybercriminals to fight Russia

The Ukrainian Ministry of Defense turned to hackers for help in the confrontation with Russia. Calls to help the country are posted on hacker forums. This became known on February 25, 2022.

Messages sent by the Ukrainian military contain an offer to take part in the cyber war, but it is on the side of Ukraine. At the same time, hackers who are ready to go to the virtual front must send a special statement to the Ukrainian authorities, implemented in the form of the usual Google Docs form. In it, they need to indicate their "specialization," that is, what they are doing on the Internet. For example, they can indicate that they are developing malware.

Ukrainian cyber community! It's time to deal with the cyber defense of our country, "reads the call of the Ministry of Defense.

At the same time, it is not known what fate awaits those who will give themselves up and start working for the state.

According to the source, the military acted only as a customer, and fulfilled the order of the co-founder of the information security company Cyber ​ ​ Unit Technologies Yegor Aushev. Its offices are based in the UAE, South Korea and Ukraine, according to the company's official website.

Aushev's company is known for working with the Ukrainian government to protect critical infrastructure. Later, Yegor Aushev told the agency that he wrote this post at the request of a high-ranking official of the Ministry of Defense, who contacted him on Thursday, February 24, 2022. Aushev did not disclose the official's name.

The plans of the Ukrainian military include the creation of two armies at once, consisting of cybercriminals. According to Yegor Aushev, some of the fighters of the virtual front will deal with the cyber defense of Ukraine, while others will commit attacks on the country's enemy in virtual space.

Cyber ​ ​ defenders will have to repel attacks by enemy hackers on various infrastructure facilities in Ukraine, including power plants and water supply systems. Probably, the country's authorities do not want a repeat of 2015, when unknown hackers left hundreds of thousands of Ukrainians without electricity.

Also in January 2022, government websites of Ukraine were subjected to large-scale hacking. They were disabled for several days. The attack was attributed to Russian hackers, but there is no evidence of this.

Aushev added that the offensive part of the cyber soldiers of Ukraine will, among other things, also deal with intelligence. Hackers will collect information about Russian troops in Ukraine. Шаблон:Quote 'We have an army inside the country,' Aushev said. "We need to know what they're doing.

The source's experts were able to get in touch with Aushev in the late evening of February 24, 2022. He said that in the first few hours from the moment the draft was placed, he received "hundreds" of applications.

According to him, now each of the applicants must pass the test to make sure that he is not a Russian cyber spy, a progressive Ukrainian hacker-patriot. How exactly the check will be carried out, and whether the Ukrainian military will participate in it, Aushev did not specify Ukraine^[5].

Notes