Since 2007 Russia has been responsible for more than 15 cyber attacks worldwide including in countries across Europe, Asia, and the USA. Russia has targeted many industries from financial institutes, government websites, media, and even ISPs (Internet Service Providers) in an attempt to shut down entire areas or countries. In this article, we will go through the most important need-to-know statistics about Russian cyber attacks.
What Countries has Russia Launched Cyber Attacks Against?
Russia is responsible for more than 25 known major cyber attacks since 2007. In short, here are the countries that have been most targeted by the Russian Federation:
- 1 on Estonia
- 1 on Lithuania
- 2 on Georgia
- 1 on Kyrgyzstan
- 1 on Kazakhstan
- 1 on Finland
- 5 on Ukraine
- 1 on Germany
- 1 on France
- 5 on the United States
- 1 on The Netherlands
- 1 on the United Kingdom
- 1 on South Korea
- 1 on Poland
- 1 on Venezuela
List of Known Russian Cyber Attacks (DDoS and Hacks) & Russian Cyberwarfare History
Below is a brief overview of each known cyber attack that has been linked to Russia. Russia is well known for using cyber attacks against countries in combination with military warfare and this term has been coined ‘cyberwarfare’. The recent Ukraine invasion in 2022 is just one example of Russian cyberwarfare and how it is employed to damage countries’ infrastructure to weaken them either before or during a physical attack.
2007 – Estonia
Russia disabled the Estonian internet infrastructure with multiple DDoS attacks focused on targeting government websites and financial institutions. During the cyber attack all banking was shut down, internet users were unable to communicate by email, and news sites could not distribute updates on global or local events.
Nothing quite like the attacks on Estonian websites had been seen before but the attacks have since been linked to Russian hacking groups, such as Nashi. Sergei Markov of the Russian State Duma also stated that one of his aides orchestrated the entire cyber attack against Estonia.
This massive cyber attack on Estonia led to the creation of the Cooperative Cyber Defence Centre of Excellence in Tallinn as well as the Tallinn Manual on the International Law Applicable to Cyber Warfare.
2008 – Lithuania
Another Russian attack on the Baltic States occurred in 2008 when Russia targeted around 300 government websites in Lithuania. Hacker groups updated these websites with hammer-and-sickles and five-pointed stars; the symbols from Soviet time. As well as this, the websites were defaced with anti-Lithuanian symbols. The Russian cyber attack came in response to Lithuania banning Soviet symbols.
There have always been tensions between Russia and the Baltic States which comprise Estonia, Latvia, and Lithuania. While there is no conclusive evidence that these attacks on Lithuanian websites came from Russia, they were carried out by foreign computers which many believe is an indication they were carried out by Russian hackers.
2008 – Georgia
In 2008 Russia shut down Georgia’s internet, interrupting all internal communication while the Russian Federation invaded the country in a 5-day war
2009 – Kyrgyzstan
Russian Hackers shut down two of the four ISPs in Kyrgyzstan with DDoS attacks to get Kyrgyzstan to close down an American military base. It worked.
2009 – Kazakhstan
Kazakhstan media website published a statement by the president that criticized Russia. The website was taken down by a DDoS attack shortly after and did not recover until a press release stated that the original statement was removed.
2009 – Georgia
Russia celebrated the one-year anniversary of the Georgian invasion by shutting down Facebook and Twitter in Georgia.
2013 – Finland
Russian hackers targeted Finland’s Foreign Ministry website in a widespread attack in Western Europe.
2014 – Ukraine
Trying to rig the presidential election in Ukraine, a Russian-based hacking group took down the election commission website and even shut down the backup systems. Ukrainian experts were able to restore the website the day before the election. The Russian hackers were later arrested and the “Russian-prefered” candidate lost.
2014 – Ukraine
While Russia took control of Crimea, a huge DDoS attack hit Georgia’s internet and disrupted all internal communication. This is the largest known attack since Georgia in 2008.
2015 – Germany
For the first time, Russia targeted western countries and hit the German Bundestag. This was the most significant hack in German history. The Germans claimed that Russia even tried to penetrate the computer of Chancellor Angela Merkel.
2015 – Ukraine
Russian Hackers took control of an Ukranian power station leaving more than 200,000 homes without power.
2015 – France
In 2015 the French broadcast service TV5Monde was attacked by Russian hackers who used malware to destroy their systems and take down all channels.
2015 – United States
CNN reported Russian hackers penetrated the White House in one of the most sophisticated attacks ever launched against US government systems.
2015 – United States
Russian hackers working for the Russian government are suspected of hacking the State Department among other American government institutions.
2015-2016 – United States
Russian Hackers penetrated computers from members of the Democratic Party and published emails of officials on WikiLeaks. Both the CIA and FBI believe this helped Trump win the election.
2015 – The Netherlands
It’s believed that the Russian government tried to hack the Dutch Government’s computers to pull a report about Flight MH17 that was shot down over Ukraine. The Dutch Safety Board concluded that the flight was taken down by Russian missiles.
2016 – United Kingdom
Ben Bradshaw claimed in Parliament that Russia had interfered in the Brexit referendum campaign.
2017 – France
During the French presidential election, more than 20,000 e-mails belonging to Emmanuel Macron were dumped on a file-sharing website shortly after his campaign was hacked. A security firm later states it was Russian hackers behind the attack and leak.
2018 – United States
The United States Computer Emergency Response Team released an alert warning that the Russian government was executing a multi-stage intrusion campaign by Russian government cyber actors. They allegedly targeted US power plants, water-processing facilities, and government facilities.
2018 – South Korea
According to the United States officials, Russia was behind the cyberattack on the 2018 Winter Olympics. This was a worm that infected all Olympic IT infrastructure taking down Wi-Fi and freezing all activities.
2019 – Poland
In 2019, a different cyber attack was found by firms OKO.press and Avaaz. A three-year Russian disinformation campaign on Facebook with 4.5 million Poles was discovered and removed by Facebook.
2019 – Venezuela
Website runrun.es was out of service due to an attack originating from Russia.
2020 – United States
In 2020, a group known as APT29 working for Russia’s Foreign Intelligence Service breached a cybersecurity firm and multiple U.S. government agencies including the Treasury, Commerce, and Energy departments and the National Nuclear Security Administration.
2021 – Ukraine
Russia attacked the System of Electronic Interaction of Executive Bodies, a web portal used by the Ukrainian government.
2022 – Ukraine
A cyber attack from Russia took down the website of the ministry of foreign affairs and other government websites.
In February 2022 before Russian troops entered Ukraine several major Ukrainian websites (mostly government websites) were taken down by cyber attacks.
Russian Cyber Attacks Explained
The majority of historical Russian cyber attacks usually consist of first dismantling a country’s infrastructure so that the most essential services cannot function properly. This includes targeted DDoS attacks that cut off access to banks, hospital servers, and power plants. Doing this can effectively shut down a country’s ability to function, cutting off access to electricity and essential services.
However, infiltrating a government or entire country is a long game and in most cases, it requires some ‘help’ from an insider in the government. This does not mean that the insider knows he’s working against his own government – but a simple phishing link in an e-mail, opening a PDF document from an unknown sender, or following a suspicious link on Facebook is all it takes to open the door for the enemy.
With that being said, there are many Russian state-backed hacking groups that carry out attacks around the world. These attacks are allegedly said to be funded by the Russian government, meaning some of the groups have unlimited access to money, resources, and sensitive information they need to carry out these security breaches. In short, Russia is home to some of the strongest hacker groups in the world.
Russian cyber attacks carried out by notable hacking groups don’t just involve dismantling infrastructure. Many attacks involve breaching databases and leaking information to cause disruption in other countries by causing citizens to distrust governments. A notable example is Russia’s involvement in the US WikiLeaks emails that led to a negative public view of Hillary Clinton during the 2016 US presidential election.
Russian Cyber Attack on US Banks
With global sanctions against Russia during the 2022 Ukraine conflict affecting the country’s banks and Ruble worth, US banks are preparing for retaliatory Russian cyber attacks. US banks are scaling up security measures such as network monitoring, carrying out additional training with cybersecurity scenarios, and increasing the workforce.
As well as this, US banks are looking back at historical financial institution breaches to learn lessons and get an idea of what a Russian cyber attack on US banks could look like. For example, the 2020 SolarWinds breach, which enabled Russian hacker groups to gain information on US federal information, is being studied by top US banks.
Many believe that hackers could gain access to banking systems much in the same way as during the SolarWinds attack. Cybercriminals took advantage of weaknesses in Microsoft identification software and hacked into SolarWinds code production.
If Russia does attack US banks in the coming weeks or months, it won’t be the first time. Indeed, one of the first cyber attacks on US banks occurred in 1994 and was carried out by Russian individuals. The group stole up to $10 million and an individual named Vladimir Levin was later convicted for the crimes.
Famous Russian Hacker Groups and Individuals
Russia has produced some of the most notable hackers and groups in history. Here are some of the most famous.
Vladimir Levin
The father of hacking and biochemist from St. Petersburg in Russia. Most known for gaining access to Citibank and transferring over $10 million into accounts in different countries. Levin was caught in 1998 and convicted in the US.
Igor Klopov
Igor used the Forbes 400 richest Americans to find his targets. From his hometown, in Moscow, he lured them into his life and stole more than $1.5 million.
The Koobface Gang
This Russian hacker group from St. Petersburg is said to be the inventor of clickbait. The Koobface Gang uses worms to infect computers with emails titled “You have to watch this video!” and “You won’t believe this!” leading to a worm that infects thousands of computers.
REvil
REvil (also known as Sodinokibi) is the recently dismantled Russian ransomware group. The group was behind some of the biggest ransomware attacks in history including the Kaseya breach in July 2021, in which $70 million was demanded.
In November 2021, Ukrainian national Yaroslav Vasinskyi and Russian national Yevgeniy Polyanin were arrested and now face over 200 years combined in prison for ransomware acts.
Cyber Groups Involved in the Russia Ukraine War
International cyber groups have joined the Russia Ukraine war and are taking sides. Anonymous, one of the most well-known hacker groups, has been active in the conflict, continuously taking down Russian state channels through DDoS attacks as part of its cyber war against the state. There are many other groups that are assisting Ukraine with cyber attacks including the following:
- AgainstTheWest: This group has been supporting Ukraine since 2020 and carries out ransomware attacks and data breaches against Russian companies.
- Anonymous: Anonymous has been active in attacking Russian state television since February 2022 in support of Ukraine.
- Anonymous Liberland & the PWN-BAR hack team: This group hacked into and released 200GB of emails from Tetraedr, a Belarusian weapons manufacturer that supplies arms to Russia.
- Belarusian Cyber Partisans: This group has been targeting Russian since 2020 and has hacked into the Belarusian Railways computer to disrupt the recent conflict in Ukraine.
- GhostSec: GhostSec has officially announced its support for Ukraine and mostly uses Telegram to communicate about its hacks.
- IT Army of Ukraine: This is the volunteer group that is made up of Ukraine’s underground hacking community. The army has been given a target list of websites in Russia and Belarus.
- KelvinSecurity Hacking Team: The cyber group has been very active on Twitter and has released a weapons development document from a Russian ballistic institute.
- Raidforums Admin/ Raidforums 2: This popular hacking forum has announced its support for Ukraine. The admin members of the site are actively carrying out DDoS attacks on Russian sites.
- GNG: A hacker group that has affiliations with Anonymous has announced its support of Ukraine and has released a Moscow Oligarch database.
- NB65: NB65 has also announced its support for Ukraine on Twitter. The cyber group has released images on Twitter suggesting it has hacked into the Russian space system.
- SHDWsec: This group has announced its support for Anonymous and Ukraine and hinted that it will be carrying out many attacks on Russian infrastructure.
- ContiLeaks: This famous cybercriminals group has split into opposing sides, with half of the members supporting Russia and half on Ukraine’s side. Ukrainians have been leaking Russian Conti ransomware secrets to assist in the conflict.
- GhostClan: This group has assisted in taking down the Russian space website among other sites.
While there are many cyber groups helping Ukraine, Russia also has a ton of support from groups. These include:
- Conti Ransomware: While ContiLeaks is a fraction of the Conti group that is in support of Ukraine, Conti Ransomware is primarily helping the Russian side. The group has stated it will strike back at enemies by targeting infrastructure in retaliation for attacks on Russia.
- Cooming Project: The Cooming Project hacker group has announced that it will assist the Russian government if there are attacks. The announcement by this prominent group is what led to Ukraine reaching out to its underground hacking community for help.
- Free Civilian: This group is allegedly state-funded and stole data from Ukrainian government websites in late February 2022.
- The Red Bandits: Thought to be a Russian Intelligence group, The Red Bandits has hacked into Ukrainian police dashcams.
- SandWorm: Another Russian state-backed group is SandWorm. This group has deployed malware such as Cyclops Blinks and many fear it will use malware to attack Ukrainian systems.