Threat analysis of the Russia/Ukraine conflict

By Stacy Peterson, Threat Research Analyst at the Global Threat Intelligence Centre


Published August 31, 2022  |  Security

In light of recent geo-political events, the NTT Security Holdings Global Threat Intelligence Centre (GTIC) analyzed threats employed in the conflict between Russia and Ukraine. We compiled a timeline of both physical and cyber events, observing the unfolding evolution of cyber threats and their impact on the conflict.

Similar to the impacts COVID-19 had on the cybersecurity domain over the past two years, the Russian invasion may also have a lasting impact on cyber and information security domains. This conflict will likely be the most documented war to date, given social media, news, and open sources, as well as ongoing cyber operations.

What happened?

In January 2022, attackers likely aiding Russian strategic objectives defaced nearly 70 Ukrainian government websites, including websites belonging to the Ukrainian Ministry of Foreign Affairs, Ministry of Defense, the State Emergency Service, Cabinet of Ministers, and Ministry of Education and Science. Researchers later attributed the attacks to an APT called UNC1151, a group linked to the Belarusian government that employs malware with similarities to tools previously used by Russian state-sponsored APT29. These defacements warned Ukrainians to 'expect the worst.'

The physical invasion of Ukraine began on 24 February 2022; cyber operations began much earlier. The invasion was preceded by a series of operations using WhisperGate, a data-wiping malware that targeted multiple industries in Ukraine, including government, non-profit, and information technology organizations. Ukraine’s CERT suggested the attacks were a false-flag operation and mimicked the WhiteBlackCrypt ransomware, likely to make attribution more challenging.

In February 2022, a series of wiper malware variants in the HermeticWiper family was used against Ukrainian targets. By mid-February, DDoS attacks targeted Ukraine's armed forces, defense ministry, public radio, and the two largest national banks, crippling services for several hours. Agencies in the US and UK issued warnings regarding this malware. They cautioned 'further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries,' meaning any organization in any country could be affected by cyberattacks. Malware often tends to focus on stealing intellectual property or personally identifiable information (PII). If a wiper malware infects an organization's environment, it could affect day-to-day operations like payroll, logistics, and sales, and could bring loss of revenue or reputation through recovery time, loss of data, or significant financial losses.

There have been concerns Russian state-sponsored cyberattacks could also be launched against organizations outside of Ukraine in conjunction with a Russian military invasion of Ukraine. The US and the UK have issued warnings regarding these threats. Researchers believe these concerns are justified, based on previous Russian APT cyberattacks likely intended to target only Ukraine but spread much wider. Furthermore, it's plausible Russia would seek to conduct cyberattacks against NATO countries to distract efforts and attention away from the invasion of Ukraine.

It may be safe to assume follow-on cyberattacks are in the works or are lying in wait. Many researchers expect Russian threat actors have already laid the groundwork by conducting reconnaissance on and infiltrating targeted networks; the continued threats of cyberattacks suggest this could be the case.

While suspected state-sponsored actors have been active, other groups have become involved in cyber activities related to the conflict, such as hacktivist and ransomware groups making their preferences known. The Conti Gang, the threat group operating the Conti ransomware, posted a statement on their website announcing 'full support of the Russian government' and stating they will use 'all possible resources to strike back at the critical infrastructures of an enemy.'

Additionally, Anonymous, a group that hasn't been in the news as much in recent years, has also taken a side, targeting various Russian state agency websites. Other groups have also targeted Russian websites, including AgainstTheWest, which announced a joint campaign with Anonymous targeting entities in Russia and Belarus in response to the invasion, and GhostSec, which initiated '#OpRussia.'

In addition to the potential for significant effects on targeted networks, a significant concern has been influence operations conducted through 'fake news,' social media, or other outlets, presumably by state-sponsored actors. Based on historical tactics, Russia has almost certainly been using influence campaigns, both covertly and overtly, to shape domestic, Ukrainian, and international audience perceptions, first of its military buildup along Ukraine's northern, southern and eastern borders and then of its subsequent invasion. Many analysts believe current Russian information operations are employing a multi-faceted and versatile approach to manipulate the narrative of this crisis. This includes using developed human intelligence assets on the ground in Ukraine, covert elements of Russia's disinformation ecosystem (such as intelligence-directed or otherwise affiliated news sources), social media influence operations, and official, overt propaganda through the Russian state media and political apparatus.

In response to Russia's actions, other organizations have disconnected services to Russian entities, including various social media and news outlets, and financial organizations like SWIFT, Visa, Mastercard, and AMEX.

Attacks observed by NTT during Russian Conflict in Ukraine

Who was targeted?

Ukrainian targets have been the predominant focus during the conflict. But cyber threats have gone beyond Ukrainian borders. One example of a cyber-attack which was probably initially targeted against Ukrainian targets was the attack against Viasat’s KA-SAT satellite network service. The impact of this attack spilled over into a number of European countries, disrupting satellite communications services. The Russian invasion has set into motion a historic course of policy actions that have moved across global markets, in coordination with sanctions against Russia from the European Union, the United States, the United Kingdom, Japan, Australia, Switzerland, and Taiwan. Effects of these cyber-attacks and sanctions have flooded into these countries, along with others over the course of the conflict, and should remain a pressing concern for the rest of the world, as additional countries learn to weaponize digital technologies that will become more complex and more destructive.

We have already begun to observe the decline of global growth and increasing inflation as global leaders ban imports of Russian oil and liquefied natural gas (LNG). The projected energy supply is now at a greater risk, but proposals have been made to divert supply away from Russia.

Russian state-sponsored actors are sophisticated and mature in the cyberspace realm. By April and May they had launched several disinformation campaigns targeting Ukrainian citizens to weaken and discourage their spirit, while concurrently launching cyberattacks against Ukrainian government websites. Russian threat actors have repeatedly targeted Ukraine’s critical sectors and government institutions. Not all of Russia’s attacks have been successful. In April the actors intended a major disruption to the country’s power grid by aiming for the computers that controlled the energy substations, but the attack failed.

Other affected sectors have included critical infrastructure, oil and gas, financial organizations, government and military, telecommunications providers, and other high-value supply-chain technology vendors. The spillover from any of these attacks has global ramifications.

Recommendations and Mitigation

As with any form of traditional conflict, collateral damage is expected. In the case of the Russia/Ukraine conflict, on the surface this is limited to two nations, but the ripple effect of this conflict continues to be felt across the globe. The world has shrunk and is now viewed as one giant ‘village’; tension in one end of this village emanates to other sections. While physical attackers typically prefer direct hits to specific targets, when it comes to cyberwarfare, the consequences can have a cascading impact on other affiliated organizations and countries.

Many observed attacks have reportedly been successful in the exploitation of specific system and application vulnerabilities. Patch management and reducing the attack surface exposed to the outside is one way to minimize potential threats. Another initial access vector has been through phishing and social engineering. Organizations should focus on creating awareness and education programs to highlight potential risks and threats. Proactive cyber defense and scalable security solutions play a crucial role in enabling a more effective cybersecurity posture. This is why many organizations are enhancing their security intelligence by investing in continuous monitoring capabilities, such as Threat Detection and Response.

Ongoing and Future Expectations

Cyber operations are increasingly used within wartime operations – both as an offensive force multiplier and in response to actions from the adversary. This war could set a precedent for how cyber operations will not only be leveraged for offense but will support traditional physical, economic and diplomatic actions, sanctions and outcomes.

One goal during this conflict has remained resolute and unwavering: the use of destructive malware. Wiper malware has proven to be effective, with the main objective of destroying data on any device and making the information unavailable, unlike other cyberattacks, which tend to involve a ransom or some other form of monetary gain. Malware will continue to become more sophisticated and to be tested for its capability against certain technologies, while taking actions to cause the most damage in order to disable and destroy critical targets.

Threat actors, cybercriminals, and proxy groups will continue to target government institutions, military operations, critical infrastructures, private sectors, and other entities to gain or thwart cyber operations. Hacktivists and official state sources have played a fundamental role in this cyberwar by distributing fake news and misinformation that has helped Russia influence narrative control within this conflict. Both sides want the strategic advantage: not only can cyber-attacks degrade an opponent’s informational advantage, but they can also be used for political effect.

NTT Security Holdings has observed a full range of cyber-attacks employed to support conflict during the Russian invasion. Organizations, particularly those involved with protecting critical infrastructure and systems of national significance, will need to continue operating under heightened levels of vigilance. Ongoing disruptive cyber activity is to be expected and will likely target high-value assets and assets of strategic importance – nationally and economically. The key will be in learning and adapting from such attacks in order to deliver ongoing cyber resilience.

January/February 2022

Physical

Cyber

JANUARY 13

Microsoft identified a destructive malware (dubbed WhisperGate) operation targeting multiple organizations in Ukraine

JANUARY 19 - FEBRUARY 4

Gamaredon targeted Ukrainian officials and organizations in a campaign that aimed to compromise a Western government ‘entity’ in Ukraine

FEBRUARY 15

DDoS attacks hit Ukrainian government websites including Privatbank and Oschadbank

FEBRUARY 16

Russian hackers breached multiple DOD contractors

FEBRUARY 21

Putin ramps up rhetoric - Russian troops ordered to act as ‘peacekeepers’ in Donbas

FEBRUARY 22

US places sanctions on VEB bank and PSB banks. Russia also barred from selling sovereign bonds on US money markets. Germany halts the process of certifying the Nord Stream 2

FEBRUARY 23

Ukraine declares a nationwide state of emergency

FEBRUARY 23

‘Foxblade’ (aka HermeticWiper) Trojan attacks directed against Ukraine’s digital infrastructure are detected

FEBRUARY 24

Russia launches full-scale assault on Ukraine. US bans five more Russian banks from the US financial system

FEBRUARY 24

UNC1151 – Belarus state sponsored APT phishing campaign observed using a possibly compromised Ukrainian armed service member’s email account, to target European government personnel

FEBRUARY 25

Russian forces press towards the Ukrainian capital, Kyiv

FEBRUARY 25

GhostSec targeting Russian military and government websites

FEBRUARY 26

Poland says about 100,000 people have crossed into the country from Ukraine amid the fighting

FEBRUARY 26

AgainstTheWest announces joint campaign with Anonymous to target entities in Russia and Belarus

FEBRUARY 27

European Commission chief announces Russian aircraft will be banned from EU airspace

FEBRUARY 27

EU bans selected Russian banks from the SWIFT interbank transaction system

FEBRUARY 28

Ukraine applies to join EU. Russian shelling pounds Kharkiv. Russian rep to UNSC denies Russian troops targeting civilians

FEBRUARY 28 - MARCH 1

Volunteer ‘hackers’ from Ukraine's ‘IT Army’ claim responsibility for shutting down the Moscow Exchange website

March 2022

Physical

Cyber

MARCH 1

Russian convoy amasses on the outskirts of Kyiv. Bombing of Kyiv’s television tower and Kharkiv’s Freedom square. Pres Biden announces the country will close American airspace to Russian flights

MARCH 1

An American telecom organization that provides high-speed satellite broadband services and secure networking systems covering military and commercial markets, announced the disruption of its services, ‘KA-SAT’ in Ukraine and Europe via cyberattack

MARCH 3

German Federal Ministry for Economic Affairs authorized the supply of 2,700 surface-to-air missiles (SAMs) to Ukraine

MARCH 4

Zaporizhzhia Nuclear Power Plant hit with projectile, causing a localised fire of a building that is not part of the reactors

MARCH 4

Putin blocks media platforms – in Russia. He signs a law criminalizing the distribution of “fake” information about Russia’s war against Ukraine.

MARCH 5

US Secretary of State Antony Blinken meets his Ukrainian counterpart Dmytro Kuleba on the Polish-Ukrainian border. The US urges its citizens to leave Russia immediately.

MARCH 7

Ukraine’s foreign ministry says Russian shelling prevents evacuation, aid deliveries.

MARCH 7

Cyberattacks from multiple APT groups target Ukrainian media, government and military organizations. Ukraine now faces MicroBackdoor malware threat from Russia.

MARCH 8

The US rejects a Polish offer to transfer Soviet-era MiG-29 fighter aircraft to Ukraine’s air force, as it seeks to keep NATO out of the war. The US imposes a ban on Russian crude oil imports, bringing a rise in oil prices.

MARCH 9

Russia conducts phishing campaign against Ukraine using compromised accounts. PressReader services disrupted after cyberattack. New RURansom wiper targeting Russia. Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools.

MARCH 11

Putin approves the deployment of up to 16,000 irregular fighters from Syria. The EU issues the Versailles Declaration, moving in the direction of a European defence capability. Russian forces accused of kidnapping the mayor of Melitopol.

MARCH 11

Anonymous infiltrated Russian state TV and censorship agency to reveal the truth and undermine Putin. DDoS attacks against both countries are still on-going.

MARCH 13

Russia broadens its attacks to western Ukraine, firing 30 cruise missiles at a military training base in Yavoriv.

MARCH 14

Russia requested military and economic assistance from China to aid their continued destruction of Ukraine. The US warns China it will not tolerate any form of alleviating sanctions against Russia.

MARCH 14

CaddyWiper: More destructive wiper malware strikes Ukraine. Ukraine's Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware.

MARCH 15

The Prime Ministers of the Czech Republic, Poland and Slovenia travel to Kyiv to meet with Volodymyr Zelensky. Zelensky also states that NATO is not a good option for Ukraine. In the following days, President Joe Biden labels Vladimir Putin a war criminal.

MARCH 17

Threat actors launched a phishing campaign dubbed "DoubleZero", a wiper targeting Ukrainian enterprises.

MARCH 18

US President Joe Biden warns Chinese President Xi Jinping of “consequences” should China offer Russia “material support” in the conflict.

MARCH 18

Facebook removes 'deepfake' of Ukrainian President Zelenskyy issuing a statement he never made, calling on Ukrainians to "lay down their arms."

MARCH 18

Threat actors weaponized npm package library "node-ipc" to protest Ukrainian invasion.

MARCH 21

U.S. energy companies targeted: Hackers associated with Russian internet addresses scanning the networks of US energy companies.

MARCH 23

The UN says more than 10 million people have been displaced in Ukraine, including those who have fled the country. Ukraine rejects a Russian ultimatum to surrender in Mariupol. Biden says Putin’s constant claims that Ukraine has chemical and biological weapons are a “clear sign he is considering using both of those”.

MARCH 23

Chinese APT Mustang Panda spread a variant of the Korplug malware named Hodur

MARCH 24

Emergency NATO summit: Global leaders gathered in Europe to discuss the war in Ukraine.

MARCH 24

Ukraine cyber intrusion attempt attributed to suspected Chinese threat actor ‘Scarab’

MARCH 24

TRITON Malware Remains Threat to Global Critical Infrastructure Industrial Control Systems (ICS).

MARCH 25

The Russian military is stepping up its air and ground attacks in the Donbas region.

MARCH 26

Cyberattack on state bodies of Ukraine using PseudoSteel malware.

MARCH 27

U.S. officials continued to clarify President Biden's words that Russian President Vladimir Putin "cannot remain in power." Ukraine called on the West to send tanks and planes to support the fight against Russia.

MARCH 28

Cyberattack on Ukrainian authorities using GraphSteel and GrimPlant malware.

MARCH 28

Ukrainian internet service provider Ukrtelecom was hit by a cyberattack that reduced its services. Meanwhile, Russia’s internet services could be affected by a shortage of equipment due to ongoing sanctions.

MARCH 28

The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news.

MARCH 29

U.S. leaders cast doubt on Russia’s vow to scale back its military campaign in northern Ukraine.

MARCH 29

Russia accused the United States of leading a massive campaign of "cyber aggression" behind hundreds of thousands of malicious attacks a day while Russia has troops in Ukraine.

MARCH 30

Russia launches new attacks after peace promise.

April 2022

Physical

Cyber

April 1

After Russian troops began withdrawing from Bucha, near Kyiv, on March 30 – images emerged of a civilian massacre left behind, with countless bodies lying in the streets.

April 1

Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked - Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group.

April 2

Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church - Anonymous claims to have hacked the Russian Orthodox Church ‘s charitable wing and leaked 15 GB of alleged stolen data.

April 2

Ukraine intelligence leaks names of 620 alleged Russian FSB agents - The Ukrainian Defense Ministry’s Directorate of Intelligence leaked personal data belonging to 620 alleged Russian FSB agents.

April 3

Ukraine accuses Russia of war crimes following reports of mass graves and bodies of people shot at close range in Bucha. Moscow denies charges and alleges images of bodies were staged.

April 3

UAC-0094 group targeted Telegram accounts of Ukrainian government officials with phishing attacks in an attempt to gain access to the accounts.

April 4

Bucha massacre – Britain convenes a meeting of the UN Security Council over the crimes of Russians in Ukraine

April 4

ExxonMobil suspends Russian Far East LNG project – Interfax.

April 5

US official: US, allies to ban new investments in Russia. Calls for increased sanctions intensified this week in response to the attacks, killings and destruction in the Ukrainian city of Bucha.

April 5

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns - Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations.

April 5

Ukraine’s president witnesses the devastation and accuses Russia of ‘genocide’ and ‘war crimes’. Russia denies involvement, calling Bucha killings ‘fake’ and ‘staged’.

April 5

Anonymous targets the Russian Military and State Television and Radio propaganda - Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda.

April 6

US dismantled the Russia-linked Cyclops Blink botnet - The U.S. government announced the disruption of the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group.

April 6

Ukraine warns of attacks aimed at taking over Telegram accounts - Ukraine’s technical security and intelligence service warns of threat actors aiming to gain access to users’ Telegram accounts.

April 7

Ukrainian authorities say Russia fired a cluster munition into a railway station packed with thousands of evacuees, killing at least 52. The attack takes place in the city of Kramatorsk in the eastern Donetsk region.

April 7

A group known as Strontium targeted several Ukrainian media organizations to gain long-term access to their networks and collect sensitive information. Microsoft took control of seven internet domains the group used to mitigate these attacks. The group has connections to the Russian GRU.

April 8

The EU bans imports of Russian coal, lumber, cement, seafood and fertilisers.

April 8

Anonymous and the IT ARMY of Ukraine continue to target Russian entities - The popular hacking collective Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses.

April 10

Russian forces bisect Mariupol.

April 10

NB65 group targets Russia with a modified version of Conti’s ransomware - NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia.

April 11

United Nations condemns Ukraine in Europe - China makes secret delivery of anti-aircraft missiles to Serbia.

April 11

Anonymous hacked Russia’s Ministry of Culture and leaked 446 GB - The Anonymous collective has hacked Russia’s Ministry of Culture & leaked 446 GB of data through the DDoSecrets platform.

April 12

Russia reportedly moves military equipment towards its border with Finland – after Prime Minister Sanna Marin said possible NATO membership would be discussed ‘within the coming weeks’.

April 13

A Swedish media outlet reports that Sweden ‘is ready’ to join military alliance NATO in the summer – after neighbouring Finland said it was also discussing the possibility of joining.

April 14

Ukraine says it has sunk the Russian Black Sea Fleet flagship Moskva with two Neptune missiles.

April 14

The Trickbot group has conducted at least six campaigns against entities in Ukraine, deploying multiple malware: IcedID, CobaltStrike, AnchorMail, and Meterpreter.

April 15

‘World War Three has started’ - On the 50th day of the war, Russian state TV says World War Three has already started after the sinking of the Moskva.

April 15

Threat actors use Zimbra exploits to target Ukrainian organizations - Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882).

April 16

The unceasing action of Anonymous against Russia - This week the Anonymous collective and its affiliates have targeted multiple Russian organizations stealing gigabytes of data.

April 18

Russian forces launch a new, large-scale offensive in east Ukraine to take full control of the Luhansk and Donetsk oblasts.

April 20

Russia tests new missile capable of striking US and UK - The RS-28 Sarmat has been in development for several years and is intended as an upgrade to the Kremlin’s current Cold War-era delivery method. It can reportedly carry a 10-ton payload, including nukes, and target multiple locations at once.

April 20

Russian Gamaredon APT continues to target Ukrainian entities - Russia-linked threat actor Gamaredon targets Ukrainian entities with new variants of the custom Pterodo backdoor.

April 20

Anonymous hacked other Russian organizations, some of the breaches could be severe - The Anonymous collective and affiliate groups intensify their attacks and claimed to have breached multiple organizations.

April 21

Putin declares victory in Mariupol, though 2,500 Ukrainian defenders in the Azovstal steelworks have not surrendered.

April 21

US, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors’ attacks - Cybersecurity agencies of the Five Eyes intelligence alliance warn of cyberattacks conducted by Russia-linked threat actors on critical infrastructure.

April 22

Binance on Thursday officially announced new restrictions on Russian citizens or residents of Russia, restricting such persons from trading if they own more than 10,000 euros.

April 22

Ukraine's Postal Service gets DDOS'd after printing stamps of sunken Russian battleship

April 26

Austin presses delegates from 40 nations to contribute more weapons as soon as possible to Ukraine’s war effort at a military donors’ conference at Ramstein air base in Germany.

April 27

Russia cuts off gas flows to Bulgaria and Poland, allegedly for refusing to pay for gas in roubles.

April 27

US Department of State offers $10M reward for info to locate six Russian Sandworm members - The U.S. government offers up to $10 million for information that helps identify or locate six Russian GRU hackers who are members of the Sandworm APT group.

April 28

The US Congress revives World War II-era “lend-lease” facilities to speed up weapons shipments to Ukraine. Biden asks Congress to approve a $33bn spending package for Ukraine.

April 29

Russia's defence ministry said its forces destroyed the production facilities of a space-rocket plant in Kyiv with high-precision long-range missiles.

April 29

Ongoing DDoS attacks from compromised sites hit Ukrainian entities - Ukraine CERT-UA warns of ongoing DDoS attacks targeting pro-Ukraine sites and the government web portal.

April 30

Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites - A series of DDoS attacks launched by Russian hacktivists are targeting several Romanian government websites.

April

Ghostwriter also launched a phishing campaign in April targeting Facebook users primarily based in Lithuania. The attacker sent links to domains pretending to be from Facebook’s security team.

May 2022

Physical

Cyber

May 2

Germany says it is willing to ban Russian oil immediately, in a change of position.

May 2

Russian payment services provider QIWI targeted by hacktivist group "NB65". The group claimed in their post that they shut down the company’s Hyper-V clusters and encrypted their SQL databases and Tele2Pay boxes with a “vastly improved ransomware kit”, and thanked the Conti ransomware operators for it.

May 3

In a speech to the European Parliament, Italian prime minister Mario Draghi calls for a “pragmatic federalism” in which majorities of member states can override vetoes to collective action – a clear hint towards Hungary and Slovakia, which are blocking an EU ban of Russian oil and gas.

May 3

Cyber actors from Russia, Belarus and China are using a variety of email-based attack methods to steal credentials and gain access to organizations in Ukraine, Lithuania, Central Asia, countries in the Baltics and even Russia itself.

May 3

Google found that a group connected to China’s PLA SSF – named Curious Gorge – was targeting government, military, logistics and manufacturing organizations in Ukraine, Central Asia and even Russia.

May 4

A Ukrainian counteroffensive north and east of Kharkiv has pushed Russian troops 40km back from the city, in the first major Ukrainian success since winning the battle for Kyiv.

May 4

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

May 4

Russia looks to avoid default after bond payments sent to creditors.

May 5

The European Union's chief executive on Wednesday proposed a phased oil embargo on Russia over its war in Ukraine, as well as sanctioning Russia's top bank and banning Russian broadcasters from European airwaves, in a bid to deepen Moscow's isolation.

May 6

Ukraine IT Army hit EGAIS portal impacting Russia’s alcohol distribution - Ukraine IT Army launched massive DDoS attacks on the EGAIS portal that has a crucial role in Russia’s alcohol distribution.

May 6

Anonymous and Ukraine IT Army continue to target Russian entities - The Anonymous collective and the volunteer group Ukraine IT Army continue to launch cyber attacks on Russian entities.

May 7

(CERT-UA) warned of a mass distribution of emails in Ukraine with the theme “chemical attack”, which are spreading Jester Stealer.

May 8

Commercial PenTest Tool Brute Ratel C4 payload was packaged as a self-contained ISO, which coupled with the use of cloud storage and online collaboration applications, resembled techniques consistent with recent APT29 campaigns.

May 9

French President Emmanuel Macron supports creating a strengthened form of association with the EU that would enable Ukraine and other EU hopefuls such as Moldova and Georgia to enjoy many aspects of membership quickly.

May 9

CERT-UA warns of malspam attacks distributing the Jester info stealer - The Computer Emergency Response Team of Ukraine (CERT-UA) warns of attacks spreading info-stealing malware Jester Stealer.

May 10

The Ukrainian forces claim to have recaptured villages from Russia in Kharkiv.

May 10

Hacktivists hacked Russian TV schedules during Victory Day and displayed anti-war messages - Hacktivists yesterday defaced the Russian TV with pro-Ukraine messages and took down the RuTube video streaming site.

May 10

Information Coordination Center, a Russian propaganda network engaged in mass account reporting and distributed denial of service attacks.

May 11

Ukrainian Deputy Prime Minister Iryna Vereshchuk says Russia has deported some 460,000 Ukrainians to 6,500 camps across Russia. Ukraine for the first time limits Russian gas transiting its territory to Europe, cutting by one-quarter the flow of gas through one of two major pipelines.

May 11

EU condemns Russian cyber operations against Ukraine - The European Union condemns the cyberattacks conducted by Russian entities against Ukraine, which targeted the satellite KA-SAT network.

May 12

Finland announces it will seek NATO membership.

May 14

Pro-Russian hacktivists target Italy government websites - Pro-Russian hacker group Killnet targeted the websites of several Italian institutions, including the senate and the National Institute of Health.

May 14

The LEGION collective issues a call to action to attack the final of the Eurovision song contest - The Pro-Russian volunteer movement known as LEGION is calling for DDoS attacks against the final of the Eurovision song contest.

May 15

Sweden announces it will apply for NATO membership, ending two centuries of neutrality.

May 15

It is reported that Vladimir Putin may have lost a third of his troops in Ukraine as his invasion is held back in the face of stiff resistance.

May 16

Researchers warn of REvil return after January arrests in Russia, the group’s return to a dispute between officials in Russia and the U.S.

May 17

Ukraine’s military declares an end to the Azovstal operation in Mariupol. Russia’s defence ministry confirms that 265 Ukrainians have surrendered.

May 18

The European Commission announces a 220 billion euro ($236bn) plan to ditch Russian fossil fuels over five years.

May 20

Former German Chancellor Gerhard Schroeder bows to pressure to resign his seat on the board of Russian oil giant Rosneft.

May 20

RedDelta phishing attacks observed targeting Russian military, other European entities, with the end goal of delivering a new variant of the “PlugX” malware.

May 20

RUSSIA CLAIMS CONTROL OF AZOVSTAL STEELWORKS AFTER LONG SIEGE - The remaining fighters defending the Azovstal steel works in Mariupol surrender.

May 21

Russia says it has full control of Mariupol, after almost 2,500 Ukrainian troops surrender.

May 25

Eduard Basurin, deputy head of the militia of the Russia-backed Donetsk People’s Republic, says Russia is for now abandoning the larger strategy of surrounding all of Ukraine’s forces in the east with a grand pincer movement, instead focusing on piecemeal isolations.

May 25

Sandworm APT group adds new ArguePatch variant to its arsenal as part of campaigns targeting Ukrainian entities that involved the deployment of both the ICS-targeting malware Industroyer2 and the wiper malware CaddyWiper.

May 25

Zelenskyy blasts former US Secretary of State Henry Kissinger for suggesting that Ukraine surrender land to Russia. He likens it to the policy of appeasement in the 1930s.

May 26

Russian forces continue a slow encirclement of Severodonetsk, and are reportedly in possession of the northeastern portion of the city. Ukrainian Deputy Defence Minister Anna Malyar says “fighting has reached its maximum intensity. The enemy is storming the positions of our troops in several directions simultaneously”.

May 27

Russian forces advance on Severodonetsk from three different directions, and begin direct assaults on built-up areas of the city in the north, taking control of the Mir hotel.

May 27

DDoSecrets published 25.4 GB of compromised information related to “Very English Coop d’Etat”, a suspected Russian information operation targeting Brexit supporters.

May 28

Ukraine launches a counteroffensive in Kherson, reportedly bringing Russian forces to a “disadvantageous” defensive position and inflicting heavy losses. The leaders of France and Germany, Putin offers to facilitate Ukrainian grain exports in return for an easing of sanctions against Russia.

May 30

After some hesitation, Biden decides to send “more advanced rocket systems” to Ukraine to enable greater precision artillery strikes. The US will send guided multiple launch rocket systems (GMLRS) and high mobility artillery rocket systems (HIMARS) to add firepower to Ukraine’s defences.

May 30

Hacktivist group Anonymous claimed responsibility for attacks against Belarus’ government websites in retaliation for its support of Russia’s invasion of Ukraine.

May 31

Russian forces occupy the centre of Severodonetsk as Ukrainian troops make a tactical retreat. Fighting rages in the town of Toshkivka, south of Severodonetsk, as Russian forces attempt to complete an encirclement of Severodonetsk from the south.

May 31

Killnet conducted DDoS attacks on 3 Ukrainian movie streaming platforms.

June 2022

Physical

Cyber

June 1

Russian troops hold the city centre of Severodonetsk and, according to estimates, up to 70 percent of the city. Germany says it will send Ukraine the IRIS-T, the most modern artillery and targeting system it possesses. The system will come with radar that helps target enemy artillery.

June 1

US general gives first confirmation of cyberattacks against Russia in defence of Ukraine.

June 2

Russia is increasing shelling and helicopter-launched rocket attacks. The Russian military Telegram channel Rybar says Ukrainian forces are trying to reach the Russian-held towns of Snihurivka and Kryvyi Rih.

June 3

THE WAR REACHES ITS 100th DAY - As the conflict reaches day 100, Volodymyr Zelensky says that Russian forces have seized a fifth of Ukraine since the invasion began.

June 4

Ukrainians defend Severodonetsk fiercely; Luhansk governor Serhiy Haidai believes the Ukrainian forces there are supplied well enough to hold their positions and rebuff Russian offensives. Ukraine says its southern defences shot down four missiles fired from across the Black Sea.

June 5

Russian forces are reported to have mined the east bank of the Inhulets river in the Kherson region, where Ukrainian counterattacks continue.

June 6

Ukraine says Russian forces shell 20 settlements along the entire line of contact in east Ukraine, using tanks, mortars, barrel bombs, missiles and air strikes. Britain announces it will send M270 multiple launch rocket systems with an 80km range to Ukraine.

June 7

Russian Defence Minister Sergei Shoigu claims his forces have captured the entire residential part of Severodonetsk, and continue to fight for the industrial sector.

June 8

Ukrainian defenders continue to engage the Russian onslaught on the streets of Severodonetsk. Russian efforts to surround the city have also so far failed, and the situation is “difficult but controlled”.

June 9

Chinese hackers have stepped up their probes against the U.S. tech sector since Russia’s invasion of Ukraine.

June 10

GhostSec claims to have compromised approximately 600 Russian ICS/SCADA targets.

June 11

A Russian cybersecurity official warned on Thursday that Western cyberattacks on the country’s critical infrastructure could lead to a “direct military clash.”

June 12

Russia destroys bridges and cuts escape routes in Sievierodonetsk; President Zelensky: fierce battle

June 13

US Wall Street banks stop servicing Russian debt

June 13

Russia-linked APT Sandworm targets Ukraine media organizations by exploiting the Follina RCE vulnerability CVE-2022-30190 in phishing campaign.

June 14

The leaders of seven NATO nations from across Europe pledged their support Tuesday for Sweden and Finland's bids to join the alliance and for providing more heavy weapons to help Ukraine battle Russia.

June 15

US plans to add HIMARS artillery to Ukraine, Russian diplomat: No intention of peaceful solution.

June 16

Lithuania shut the route for transport of steel and other ferrous metals from mainland Russia on Friday, saying it had to do so under EU sanctions.

June 17

Ukraine gets possible path to EU, aid pledges from Britain

June 17

DOJ: Russian RSOCKS botnet disrupted in an international operation. The botnet, run by Russian cybercriminals, hijacked millions of computers, phones, and Internet of Things devices.

June 21

Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine.

June 22

Russia will do everything necessary to strengthen industrial cooperation with Belarus.

June 22

APT28 targets Ukraine with the stealer “CredoMap”. This stealer reportedly exploits the Follina vulnerability (CVE-2022-30190) to infect a system.

June 24

CERT-UA warned of attacks targeting critical infrastructure in Ukraine.

June 24

Cyber Spetsnaz targets government resources and critical infrastructure in Lithuania.

June 24

China-linked ToddyCat APT targets high profile entities in Europe and Asia.

June 24

Russian MP Andrey Gurulyov claims London would be first target in event of conflict with NATO.

June 25

The European Union (EU) voted in favor of granting Ukraine and Moldova the status of candidates for the EU.

June 26

As Russia chokes Ukraine’s grain exports, Romania tries to fill in.

June 26

Conti ransomware operation ARMattack breached over 40 organizations in a month.

June 27

The latest in a litany of horrors in Ukraine came this week as Russian firepower rained down on civilians in a busy shopping mall far from the front lines of a war in its fifth month.

June 27

Russian hacking group Killnet takes credit for wide-ranging cyberattack on Lithuania.

June 28

Pro-Russia Killnet group targets Lithuanian government with DDoS attacks.

June 28

PowerSploit observed in the wild targeting supporters of Ukraine to distribute malware droppers.

June 29

A plan to equip Turkey with state-of-the-art US F-35 stealth fighters fell through after Turkey bought Russia's S-400 anti-aircraft missile system, something Washington saw as potentially threatening the security of the F-35 program.

June 29

Norway accuses pro-Russian hackers of launching wave of DDoS attacks

June 30

Chinese state-sponsored group Tonto Team targets Russian organizations with RoyalRoad, Bisonal (RAT), and QuickMute. The RAT has long been associated with Chinese hackers who have previously been seen targeting organizations in Russia, Japan, South Korea and others.