A List of Cyber Attacks Against Ukraine

Security Yearbook 2022 will publish the list of Significant Cyber Incidents tracked by CSIS.org.

I went back further to pull the list of attacks against Ukraine attributed to Russia. After the attacks of ten days ago, this year is shaping up to be a difficult year for Ukraine cyber defenders.

Here is the list of 13 attacks since 2015.

March 2021. Ukraine’s State Security Service announced it had prevented a large-scale attack by Russian FSB hackers attempting to gain access to classified government data.

February 2021. Ukrainian officials reported that a multi-day distributed denial-of-service attack against the website of the Security Service of Ukraine was part of Russia’s hybrid warfare operations in the country.

August 2020. Ukrainian officials announced that a Russian hacking group had begun to conduct a phishing campaign in preparations for operations on Ukraine’s independence day

April 2019. Ukrainian military and government organizations had been targeted was part of a campaign by hackers from the Luhansk People’s Republic, a Russia-backed group that declared independence from Ukraine in 2014.

December 2018. Security researchers discover a cyber campaign carried out by a Russia-linked group targeting the government agencies of Ukraine as well as multiple NATO members

December 2018. The Security Service of Ukraine blocked an attempt by the Russian special services to disrupt the information systems of Ukraine’s judicial authority

November 2018. Ukraine’s CERT discovered malware in the computer systems of Ukraine state agencies believed to be implanted as a precursor for a future large-scale cyber attack

October 2018. The Security Service of Ukraine announced that a Russian group had carried out an attempted hack on the information and telecommunication systems of Ukrainian government groups

September 2018. Russian hackers targeted the email inboxes of religious leaders connected to Ukraine amid efforts to disassociate Ukraine’s Orthodox church from its association with Russia.

July 2018. Ukrainian intelligence officials claim to have thwarted a Russian attack on the network equipment of a chlorine plant in central Ukraine. The virus used in the attack is the same malware responsible for the infection of 500,000 routers worldwide in a campaign the FBI linked to state- sponsored Russian hackers.

June 2018. Ukraine police claim that Russian hackers have been systematically targeting Ukrainian banks, energy companies, and other organizations to establish backdoors in preparation for a wide-scale strike against the country.

December 2016. Russian hackers targeted Ukraine’s national power company, Ukrenergo, and shut down power to northern Kiev for over an hour.

December 2015. Russian hackers coordinated attacks on several regional power distribution companies in Western Ukraine. SCADA systems and system host networks were targeted and damaged. Malware was used to probe for network vulnerabilities, establish command and control, and wipe SCADA servers to delay restoration. Attackers simultaneously launched a denial of service attack on system dispatchers to prevent customers from reporting disruptions. Approximately 225,000 Ukrainians were affected, but service was restored after 3-6 hours.