Home Science & Technology A brief history of Russia’s cyber attacks against Ukraine

A brief history of Russia’s cyber attacks against Ukraine


Welcome, my cyber warriors!

As the war in Ukraine continues, it is important to keep in mind that this war did not begin in February this year, but lasted for almost ten years. Ever since the people of Ukraine overthrew their despotic Russian puppet in 2014, Russians have been relentlessly attacking the Ukrainian people and its institutions. Before we look at Russian cyberattacks against Ukraine, let’s take a brief look at Ukraine’s recent history.

It’s always hard to sum up a 100-year history in a few paragraphs, but here’s my weak attempt. Please be patient with me and forgive my omissions for the sake of brevity.

The last 100 years of Ukrainian history in a nutshell

In 1922, Ukraine was one of the founding republics of the Soviet Union (the Soviet Union grew out of the Russian Revolution of 1917). It survived the genocide under Stalin and lost 6-8 million people from a mass famine designed by the Soviet state. When Nikita Khrushchev became the leader of the Communist Party of the USSR in 1954, he looked favorably on Ukraine and the Ukrainian people, as well as the leader of the Ukrainian Communist Party. He moved parts of traditional Russia to Ukraine. This included the Crimean Peninsula (Crimea was captured by Catherine the Great in 1781 by the Turks). It expanded the Ukrainian republic, and it remained part of the Soviet Union until its collapse in 1991. When the Soviet Union collapsed, Ukraine suffered a decade of economic deprivation, and its economy shrank by more than 10% a year.

In 1994-2004, Leonid Kuchma was President of Ukraine. His presidency was marked by corruption and scandals. As a result, he decided not to run anymore, and the two leading candidates vying for the presidency, Viktor Yanukovych and Viktor Yushchenko (for those of us in the West, the two names are so similar that they are hard to keep). The first, Yanukovych, was closely linked to Putin, and the second, Yushchenko, wanted to bring Ukraine closer to the West. At the risk of simplification, I will call them Yanukovych linked to Russia and Yushchenko linked to the West. Russia’s candidate linked to Russia, Yanukovych, won the upcoming election, but the opposition and objective election observers reported election fraud and irregularities. This led to the Orange Revolution, which took place from November 2004 to January 2005. The Orange Revolution was a series of protests and political events that challenged the rigging of Yanukovych’s election.

Finally, in February 2005, the Supreme Court of Ukraine declared the election invalid. After another round of elections, Yushchenko, linked to the West, became president.

When the next election took place in 2010, the leading presidential candidates were Yushchenko, Yanukovych and Yulia Tymoshenko. Yushchenko and Tymoshenko were allies during the Orange Revolution, but during this election they became fierce rivals.

In an election marked by widespread corruption and fraud, Russian-linked Viktor Yanakovich was elected prime minister. Yanakovich had close ties to Putin and the Kremlin and was considered Putin’s favorite (his head of the election campaign in Ukraine, Paul Manafort, was the head of Trump’s presidential election campaign in 2016. Coincidentally?). When he imprisoned his rival Yulia Tymoshenko and sought to restrict freedom and bring Ukraine closer to Russia, the Ukrainian people revolted, and in 2014 parliament impeachment against him. Yanakovich fled Ukraine to Russia, where he still lives under Putin’s protection. Shortly afterwards, Russia invaded Ukraine and took control of Crimea and Donbass. Then cyberattacks begin.

In February 2019, Ukraine amended its constitution to facilitate its integration into Europe. In April 2019, former comedian / actor of Jewish descent Volodymyr Zelensky was elected President of Ukraine by an overwhelming majority with 73% of the vote. Zelensky continued Ukraine’s movement from Russia and further integration into the rest of Europe.

On February 24, 2022, Russia invaded Ukraine.

Major cyber attacks by Russia against Ukraine in recent years

To give you some insight into the cyberwar element, here are the highlights of the last 10 years. There have been so many Russian attacks on Ukraine in recent years that it is difficult to reduce this list to a few. Most of the most serious attacks came after mass protests in 2013 that led to Yanakovich’s ouster.

ATM attacked Ploutus

In February 2014, an ATM owned by one of the largest Ukrainian banks was hacked. ATMs were loaded with cash on Friday and were empty until Monday. Gangs occupied by Russia and its separatists in Ukraine have simply ravaged cash. The Ploutus malware was reportedly used in the attack. Ploutus is able to deactivate and bypass traditional antivirus systems.


The BlackEnergy3 attack was a complex attack on the Ukrainian power grid. Blackenergy3 was actually a recovered malware that was previously used for DDoS attacks. The malware relied on social engineering to enter the corporate power grid (it used an email address that appears to come from the Ukrainian government) using the MS Word vulnerability (MS-2014-4144). Then the attackers (Sandworm, a hacker group within the Russian GRU) used facial expressions to collect the credentials used to influence the human-machine interface (HMI) into the SCADA network. They then disconnected 30 circuit breakers at the substations that led to the shutdown. For more information BlackEnergy3, click here.

CrashOveride (aka Industroyer)

CrashOveride was the first malware specifically designed to attack electrical networks (BlackEnergy3 was originally a DDoS tool and evolved into a social engineering tool to access the human-machine interface (HMI) electrical network). He was used against Ukraine in an attack on a transfer substation on December 17, 2016.

SCADA / ICS systems use many protocols, and almost no two systems are alike, making attacks even more complex. However, there is a single protocol designed to translate multiple protocols, known as the OPC. CrashOveride used OPC to communicate with various modules in the electrical substation.

CrashOveride has caused switches on remote terminal blocks (RTUs) to enter an endless cycle. This causes the switches to remain open even if operators have tried to turn them off.

Peter and Peter

Petya was an attack on ransomware programs in 2016 via email attachments. In 2017, following the release of NSA EternalBlue by ShadowBrokers, this malware was redesigned using EternalBlue to gain access to the operating system. Researchers have named a new ransomware NotPetya to distinguish it from Petya. The attack was targeted at Ukraine, but quickly spread around the world, causing billions of dollars in damage to systems. Many call it the most expensive malware in history. NotPetya is a case study of how malware targeted at one country or sector can wreak havoc around the world. The NSA should also be held responsible – in part – for this destruction.

NotPetya identified itself as a ransomware, but even after the victims paid the ransom, their files were still not recoverable. The probable culprit is the Russian hacking group GRU, known as Sandworm.

Paralysis of the Ministry of Finance of Ukraine

Like most state treasuries, the Ukrainian treasury makes periodic payments to both individuals and businesses. On December 6, 2016, the Treasury of Ukraine, the Ministry of Finance and the Pension Fund were shut down for two days, delaying payments to various organizations. It looks like it was a coordinated DDoS attack against these government departments.

Sealed wiper

Similarly, when the war began in February 2022, a number of organizations in Ukraine were affected by an attack known as the Hermetic Wiper. It is a sophisticated malware that removes and corrupts files including file fragmentation, making it very difficult to recover in recovery. It focused primarily on the financial sector, agriculture, emergency response and energy.

Industroyer and CaddyWiper

On April 12, 2022, the Russian state hacker group, known as Sandworm, once again tried to eliminate Ukraine’s power grid. The attack attempted to destroy a major Ukrainian energy supplier by shutting down its electrical substations using a new version of Industroyer2’s malware for industrial systems management systems (ICS) and a new version of malware CaddyWiper.

The threat used a version of the Industroyer ICS malware configured for targeted high-voltage electrical substations and then tried to erase the traces of the attack by running CaddyWiper and other families of malware to track data tracked like Orcshred, Soloshred and Linux Aw. and Solaris systems.


The Ukrainian people rejected the tyrannical policies of Putin and his puppets and paid a heavy price. Ever since Ukraine abandoned Putin’s puppet as prime minister, Russia has been beating their economy and institutions non-stop. That should stop. Unfortunately, Putin respects only the government. So we have to act.

Previous article3 predictors of cybersecurity launch success
Next articlePlants grow in NASA soil from the moon but on Earth