Cyber ​ ​ war of Russia and Ukraine

Main article: Cyber ​ ​ wars

2025: Roseltorg electronic trading platform has been down for several days. Pro-Ukrainian hackers claim responsibility for cyber attack

On January 9, 2025, the electronic trading platform Roseltorg announced a massive hacker attack on its information infrastructure. Roseltorg's services do not work, and pro-Ukrainian hackers took responsibility for the invasion. Read more here.

2024

Organization of 70% of complex cyber attacks on Russia by pro-Ukrainian groups

East European pro-Ukrainian hacker groups are behind 70% of complex cyber attacks on Russian organizations since the beginning of 2024. These statistics were presented on November 5, 2024 based on the results of investigations by the Cyber ​ ​ Threats Research Center.

According to the information security company Solar, the most active are the Shedding Zmiy groups, responsible for 37% of the attacks, and Lifting Zmiy, which carried out 18% of cyber attacks. The first specializes in spying on Russian organizations since 2022, the second exploits vulnerabilities in public services.

70% of complex cyber attacks on Russia since the beginning of 2024 were organized by pro-Ukrainian groups

Gennady Sazonov, engineer of the Solar 4RAYS incident investigation group, said that the level of attackers has increased significantly, and next year it is expected to increase the number of incidents aimed at stealing confidential data and destroying key infrastructure.

According to the study, 54% of attacks in 2024 were related to espionage, which exceeds the 2023 figure (37%). Financial motives, including extortion and cryptocurrency mining, accounted for 20% of incidents, and data destruction accounted for 11% of attacks.

For 10 months of 2024, experts identified the activities of nine hacker groups and clusters. Unlike in 2023, when activity was distributed among more groups, there is a concentration of attacks in fewer attackers in 2024.

Experts note a difference in the tactics of groups: Eastern European hackers seek to maximize the destruction of compromised infrastructure, while Asian groups prefer a long covert presence to collect information.

The proportion of hooligan and hacktivist attacks fell from 46% in 2023 to 11% in 2024, suggesting a shift to more targeted and professional cyber attacks.^[1]

Hackers hacked the website of the Tver administration and turned off paid parking in the city

At the end of October 2024, cybercriminals attacked the IT infrastructure of the Tver administration. As a result of the invasion, various Internet services were disrupted, including an online parking payment system. Read more here

The United States is looking for a Russian who is accused of destroying the IT systems of the Ukrainian government

On June 26, 2024, the US Department of Justice announced that charges were brought against Russian citizen Amin Stigal of trying to hack and destroy the computer systems of a number of government organizations in Ukraine. For information about the whereabouts of the man, the American authorities offer a reward of up to $10 million. Read more here

Hackers posted Putin's quote and congratulations on May 9 on 100 Ukrainian websites

On May 9, 2024, Russian hackers posted on the websites of Ukraine a quote from Russian President Vladimir Putin and congratulations on Victory Day. In total, more than 100 Ukrainian Internet resources have been hacked - mainly the sites of universities, lyceums and other educational institutions.

The action, according to RIA Novosti, was announced by one of the members of the Kilobyte V hacker group. According to him, deface (a hacker attack aimed at distorting or replacing the main page of the site) did not interfere with the work of hacked resources. A photo collage with a somewhat abbreviated quote from Putin was posted on the main pages of Ukrainian sites.

We have always - and you know my position - considered the Ukrainian people a fraternal people. I still think so now. And what is happening is, of course, a tragedy, our common tragedy! But it is not the result of our policies. Dear Ukrainians, our grandfathers fought side by side with fascism, today is the day of our common victory, with which we congratulate you! From May 9! Happy Victory Day!, "Putin said.

The hackers stressed that their main goal was to congratulate the Ukrainian youth on Victory Day and remind them of the overall victory over Nazism. Members of the Kilobyte V group called on those Ukrainian servicemen who do not want to die for the Kyiv regime to use the radio frequency 149.200 with the call sign Volga, through which you can get in touch with the Russian Armed Forces and agree on how to lay down your arms and surrender to the Russian military.^[2]

Ukrainian system for crossing the border "Shlyakh" does not work due to cyber attack

The Ukrainian system for crossing the border "Shlyakh" does not work due to a cyber attack. This was announced by the State Service of Ukraine for Transport Safety (Ukrtransbezopasnost) on January 25, 2024. Read more here.

Ukrainian Naftogaz turned off IT systems after a large-scale cyber attack on the data center

On January 25, 2024, Naftogaz Ukrainy Corporation announced a hacker attack on its IT infrastructure. The holding was forced to turn off some of the services. Read more here.

Russian hackers have been in the Kyivstar system since May 2023 - SBU

In early January 2024, the head of the cybersecurity department of the Security Service of Ukraine (SBU) Ilya Vityuk told some details of the cyber attack on Kyivstar. According to him, Russian hackers have been in the IT systems of the Ukrainian telecom operator for several months. Read more here.

2023

Cisco secretly sends modified switches to Ukraine to protect against cyber attacks

At the end of November 2023, it became known that the American corporation Cisco secretly sends To Ukraine specially modified switches to protect against. cyber attacks Such equipment is supplied, in particular, by the national energy company Ukrenergo. More. here

Red Cross - Civilian hackers howling for Russia or Ukraine are legitimate military targets

On February 17, 2023, Mauro Vignati, an adviser to the International Committee of the Red Cross (ICRC), announced that civilian hackers carrying out cyber attacks in the current geopolitical situation could be retaliated against by military structures. Read more here.

2022

The European Union allocated funds for the creation of a cyber laboratory for the Armed Forces of Ukraine

On December 2, 2022, the European Union announced funding for a project to create a special cyber laboratory for the Armed Forces of Ukraine. We are talking about the supply of both software and equipment. Read more here.

US Cybercom for the first time revealed the details of its work on the cyber defense of Ukraine

On November 28, 2022, the US Cybercom, located on the territory of the Fort Mead military base in Maryland, first revealed the details of a special operation to ensure the protection of Ukraine in cyberspace. Read more here.

Hackers published data of hundreds of cadets and teachers of the SBU Academy

In November 2022, the hacker group RaHDit published on the Nemesis portal lists of teachers and cadets of the Academy of the Security Service of Ukraine. Read more here.

Britain sent cyber spies to help Ukraine

On November 1, 2022, the information portal of the UK government disclosed information about the UK Ukraine Cyber ​ ​ Program initiative to support Ukraine in cyberspace. Read more here.

Britain, USA, Germany, the Netherlands, Poland and Estonia support the work of fraudulent call centers in Ukraine against Russians

At the end of October 2022 Russian Foreign Ministry , he accused Western countries of supporting "hostile" call centers on. To Ukraine A number of Western countries, including,,, and Britain USA, GERMANY Netherlands Poland Estonia are pursuing a policy of infrastructure support for the functioning of Ukrainian call centers engaged in fraud against Russians.

RaHDIt hackers released data from 1.5 thousand Ukrainian intelligence officers

At the end of September 2022, it became known about the leakage of personal data of employees of the Foreign Intelligence Service of Ukraine. The corresponding base was posted by the RaHDIt cyber group, which is called Russian in the media. Read more here.

Russian hackers hacked into the SBU YouTube channel and uploaded a video there

At the end of August 2022, Russian hackers hacked into the official account Security services Ukraine(SBU) and YouTube posted pro-Russian videos there. The Telegram Mash channel drew attention to this. More. here

Ukrainian hackers attacked Russian video conferencing services TrueConf, Videomost, Webinar.ru and iMind

At the end of August 2022, it became known about cyber attacks on Russian video conferencing services. In particular, platforms, TrueConf, and collided with them Videomost. Webinar.ru iMind More. here

Russian hackers attacked the website of the Security Service of Ukraine

Hacker Anonymous Russia attacked Security Services site group Ukraine (). SSU The fact that as a result of their actions the resource became unavailable is reported in the hacker Telegram association channel. This became known on August 10, 2022. Details. here

Microsoft, commissioned by the Pentagon, deprived Ukraine of digital sovereignty

Microsoft works by order of the special services and the Pentagon, their joint activities deprived Ukraine of information sovereignty and control over digital infrastructure. Oleg Syromolotov, deputy head of the Russian Ministry of Foreign Affairs (MFA), said this on July 18, 2022 (his comment is given on the agency's website). Read more here

Rosreestr's website was hacked. The main posted data on the day of the Constitution of Ukraine

On June 28, 2022, a cyber attack was committed on the website of the Federal Service for State Registration, Cadastre and Cartography (Rosreestr), as a result of which congratulations in honor of the day of the Constitution of Ukraine were displayed on the main page of the resource. Read more here.

Ukraine uses a new principle of cyber attacks against Russia

At the end of May 2022, it became known about a new principle cyber attacks that began to be used Ukraine against Russia after the start of a special military operation. We are talking about BGP Hijacking technology, said the Vedomosti CEO and co-founder of the company. StormWall Ramil Hantimirov More. here

Kyiv admitted its involvement in hacker attacks against Russian companies

Ukrainian Deputy Prime Minister Mikhail Fedorov boasted that he had created "the world's first cyber army." This became known on April 27, 2022.

Kyiv organized over 660 cyber attacks against state institutions and enterprises in Russia and Belarus.

At the end of April 2022, we have about 300 thousand specialists. Participation is voluntary, and we organize it through where messenger Telegram we post daily tasks, - explained Mikhail Fedorov, adding that there are no personal contacts "with cyber volunteers."

Earlier UK Ministry of Defence reported that some of servers the department may have been hacked, hackers presumably working for. Russian government Cybercriminals stole outsourcing 100 Capita data Army recruits from the firm who the British worked for others countries as spies.

Also, Russian hackers were suspected of cyber attacks on German renewable power^[3]

Shuckworm hackers attack Ukrainian organizations with the latest version of the Pteredo backdoor

Specialists INFORMATION SECURITY- the company Symantec reported on attacks cybercriminal the grouping of Shuckworm (Armageddon or Gamaredon) the Ukrainian on the organization using the latest version of the custom backdoor Pteredo (Pteranodon). This became known on April 20, 2022.

The group, connected by specialists with Russia, has been conducting cyber espionage operations against Ukrainian government organizations since at least 2014. According to experts, she carried out more than 5 thousand cyber attacks on 1.5 thousand public and private enterprises in the country.

Pteredo has its origins hacker in the forums where the Shuckworm group acquired it in 2016. Hackers began to actively develop a backdoor, adding DLL modules to it for theft, data remote access and penetration analysis.

In addition to Pteredo, in recent attacks, Shuckworm also used the UltraVNC remote access tool and Microsoft Process Explorer to process DLL module processes.

If we compare the Shuckworm attacks on Ukrainian organizations since January 2022, then we can come to the conclusion that the group has practically not changed its tactics. In previous attacks, Pteredo variants were downloaded to the attacked systems using VBS files hidden inside the document attached to the phishing email. 7-Zip files are unzipped automatically, which minimizes user interaction (the same files were used in January attacks).

At the end of April 2022, Pteredo is still being actively developed, which means that hackers can work on a more advanced, powerful and detectable version of the backdoor, as well as modify their attack chain^[4].

Statement by the Russian Foreign Ministry in connection with the ongoing cyber aggression by the "collective West"

On March 29, 2022, it became known about the statement of the Russian Foreign Ministry in connection with the ongoing cyber aggression by the "collective West." Read more here.

Experts: There is no catastrophic cyber war between Russia and Ukraine yet

There is (so far) no catastrophic cyber war between Russia and Ukraine, experts say. This became known on March 10, 2022.

Both sides understand that catastrophic cyber attacks will lead to mutually guaranteed destruction of systems.

Amid the height of the military conflict between Russia and Ukraine, there is growing concern about unprecedented cyber warfare. Experts are closely monitoring both sides, fearing serious conflicts in cyberspace, the damage from which could surpass the damage from physical battles.

Earlier, US President Biden said that the United States is "ready to respond" to any attacks on critical infrastructure. At the same time, many fear "digital Pearl Harbor." However, according to experts, so far it is relatively calm on the cyber front.

The fear of cyber war did not arise from scratch. International experts have repeatedly accused the Russian Federation of carrying out cyber attacks. In particular, Russian hackers allegedly associated with the Russian government are accused of large-scale cyber attacks on Ukrainian electric power companies in 2015-2016 and the spread of NotPetya malware in 2017.

In addition, hackers not working for the government are contacting a number of serious cyber attacks on large companies, including the American fuel giant Colonial Pipeline in 2021.

Since January 2022, 70 Ukrainian sites have been defaced, and cyber attacks on several ministries, also attributed to the Russian Federation, have also been carried out separately.

Although these attacks were "substantial and unprecedented," they are "not yet catastrophic," said Aaron Turner, a specialist at the California information security company Vectra. According to him, this is due to the fact that neither side wants to be the first to "throw a stone in the third world war."

Most likely, we have achieved a kind of detente, when both sides understand that catastrophic cyber attacks are likely to lead to mutually guaranteed destruction of systems, Turner told The Guardian.

In addition, the powers are better prepared to prevent attacks than before, so perhaps some larger hacks were stopped, experts say. The US has invested billions in cyber defence from both private and public sources. Ukraine has spent the past seven years since the 2015 energy grid attack strengthening its infrastructure.

Senior White House Information Director Theresa Payton accused Russia of investing more resources in coordinated disinformation campaigns. According to Glenn S Gerstell, former chief adviser to the US National Security Agency, the fact that Russia chose disinformation over destructive cyber attacks was not a surprise. Infrastructure attacks would be seen as "equivalent to physical attacks using bombs or missiles," while propaganda is in the grey zone.

These are all actions located below the line of actions that can be considered military, but they are still harmful and very dangerous, "Gerstell said.

Python also noted that the absence of destructive cyber attacks for March 2022 does not mean that they will not be later. Many covert operations, especially large-scale ones, take time to deploy. For example, in the case of SolarWinds, Russian hackers began attacking the company in March 2020, while this became known only in December 2020.

{{quote 'There may be incidents that we are not yet aware of. In the case of Russia, I always say, if nothing is happening yet, you still need to be on your guard, "Python said. There is no ^[5]. }}

Russian hacker group RaHDit hacked 755 state sites in Ukraine

The Russian hacker the RaHDit group hacked 755 state sites. Ukraine This became known on March 3, 2022.

Telegram channel published screenshots from hacked sites with addresses olginska-miskrada.gov.ua, bozhedarivska-selrada.gov.ua, dalnycka-gromada.gov.ua. On March 3, the data of the Internet page was unavailable.

According to the source, earlier hacktivists Anonymous conducted a massive deface of large Russian media and posted anti-war slogans on them. Also, hackers hacked into the management of the equipment of the Selyatino agricultural hub in the Moscow region and tried to spoil 40 thousand tons of frozen products.

The vice president Rostelecom of "" warned information security Igor Lyapunov that attacks the number of authorities RUSSIAN FEDERATION in has grown hundreds of times over the past week^[6]

Ukraine convenes an army of cybercriminals to fight Russia

The Ukrainian Ministry of Defense turned to hackers for help in the confrontation with Russia. Calls to help the country are posted on hacker forums. This became known on February 25, 2022.

Messages sent by the Ukrainian military contain an offer to take part in the cyber war, but it is on the side of Ukraine. At the same time, hackers who are ready to go to the virtual front must send a special statement to the Ukrainian authorities, implemented in the form of the usual Google Docs form. In it, they need to indicate their "specialization," that is, what they are doing on the Internet. For example, they can indicate that they are developing malware.

Ukrainian cyber community! It's time to deal with the cyber defense of our country, "reads the call of the Ministry of Defense.

At the same time, it is not known what fate awaits those who will give themselves up and start working for the state.

According to the source, the military acted only as a customer, and fulfilled the order of the co-founder of the information security company Cyber ​ ​ Unit Technologies Yegor Aushev. Its offices are based in the UAE, South Korea and Ukraine, according to the company's official website.

Aushev's company is known for working with the Ukrainian government to protect critical infrastructure. Later, Yegor Aushev told the agency that he wrote this post at the request of a high-ranking official of the Ministry of Defense, who contacted him on Thursday, February 24, 2022. Aushev did not disclose the official's name.

The plans of the Ukrainian military include the creation of two armies at once, consisting of cybercriminals. According to Yegor Aushev, some of the fighters of the virtual front will deal with the cyber defense of Ukraine, while others will commit attacks on the country's enemy in virtual space.

Cyber ​ ​ defenders will have to repel attacks by enemy hackers on various infrastructure facilities in Ukraine, including power plants and water supply systems. Probably, the country's authorities do not want a repeat of 2015, when unknown hackers left hundreds of thousands of Ukrainians without electricity.

Also in January 2022, government websites of Ukraine were subjected to large-scale hacking. They were disabled for several days. The attack was attributed to Russian hackers, but there is no evidence of this.

Aushev added that the offensive part of the cyber soldiers of Ukraine will, among other things, also deal with intelligence. Hackers will collect information about Russian troops in Ukraine. Шаблон:Quote 'We have an army inside the country,' Aushev said. "We need to know what they're doing.

The source's experts were able to get in touch with Aushev in the late evening of February 24, 2022. He said that in the first few hours from the moment the draft was placed, he received "hundreds" of applications.

According to him, now each of the applicants must pass the test to make sure that he is not a Russian cyber spy, a progressive Ukrainian hacker-patriot. How exactly the check will be carried out, and whether the Ukrainian military will participate in it, Aushev did not specify Ukraine^[7].

Notes