Understanding Russia’s Cyber Attacks on Ukraine: A History Lesson

Summary

This article describes the history of Russia’s cyber attacks on Ukraine, starting from the 2014 presidential election to the recent full-scale Russian invasion of Ukraine. The article focuses on Sandworm, a state-sponsored hacker group responsible for some of the most disruptive cyber attacks in history. The article details Sandworm’s attacks on Ukrainian government agencies, critical infrastructure, and power grids. The article goes on to describe how Sandworm released NotPetya malware, causing chaos worldwide. The article ends by highlighting Russia’s cyber warfare playbook, its capabilities, and how the world can prepare for such attacks.

Table of Contents:

  • Russia’s Cyber Attack on Ukraine’s 2014 Presidential Election
  • Russia’s Attack on Ukraine’s Power Grid in 2015
  • Sandworm’s Second Attack on Ukraine’s Power Grid
  • Sandworm Releases NotPetya Malware
  • Conclusion

Introduction:

Russia’s cyber attacks against Ukraine have been some of the most disruptive we’ve ever seen. Since 2014, Ukraine has been under the radar of the Western world, primarily because of Russia’s conflict with the West. However, Ukraine has become the epicenter of this conflict. Andy Greenberg, a senior writer with Wired and author of the book Sandworm, walks us through the history of Russia’s cyber attacks on Ukraine. This article will examine how state-sponsored hackers called Sandworm have hacked Ukrainian institutions and critical infrastructure, causing widespread disruption.

Q&A:

Russia’s Cyber Attack on Ukraine’s 2014 Presidential Election

Q: How did Russia try to disrupt Ukraine’s presidential election in 2014?

A: In 2014, as Ukraine was holding its first presidential election after its revolution, Russian state-sponsored hackers broke into its Central Election Commission and tried to fake the result in favor of a far-right candidate. They planted a spoofed image that showed he had won by a landslide when, in fact, he got single-digit percentages of the vote. Luckily, the Central Election Commission caught the fake results in time to thwart the misinformation campaign, but Russian TV broadcast the fake results. Putin and the Kremlin have always wanted to depict the new Ukrainian government as secretly controlled by neo-Nazis; showing that a far-right candidate had won the election was therefore part of their disinformation campaign.

Q: What was Russia’s intention with the cyber attack on Ukraine’s presidential election?

A: Russia’s intention with the cyber attack was to discredit Ukraine’s new democratic government and paint it as secretly controlled by neo-Nazis.

Russia’s Attack on Ukraine’s Power Grid in 2015

Q: What happened in 2015, and how did Sandworm attack Ukraine’s power grid?

A: In 2015, Sandworm, a notorious group of state-sponsored hackers, took over Russia’s cyber warfare against Ukraine. Sandworm launched a series of attacks against Ukrainian government agencies, including its Ministry of Defense, infrastructure, media, and critical utilities. The hackers destroyed hundreds of computers inside these utilities and bombarded them with fake phone calls to add extra chaos. Just before Christmas, Sandworm targeted Ukraine’s power grid, causing the first-ever instance where hackers triggered a blackout. During this blackout, Sandworm also destroyed hundreds of computers inside these utilities, adding to the chaos. Although these blackouts lasted only six hours, they terrorized the Ukrainian government and added to Russia’s cyber warfare playbook.

Q: Why did Sandworm target Ukraine’s power grid, and what was its intention?

A: Sandworm targeted Ukraine’s power grid with the intention of creating chaos and terrorizing the Ukrainian people.

Sandworm’s Second Attack on Ukraine’s Power Grid

Q: What happened during Sandworm’s second attack on Ukraine’s power grid in Kiev in 2016?

A: In 2016, Sandworm launched another massive cyber attack on Ukrainian government agencies, destroying terabytes of data on their networks. In the process, they wiped out the country’s national budget for the year. This series of cyber attacks culminated in another blackout on Ukraine’s power grid, this time in the capital, Kiev. Although this blackout lasted only an hour, it showed Sandworm’s capability to intentionally disable safety systems in transmission stations. Sandworm wanted Ukrainian operators to rush to turn the power back on, causing a current overload on power lines or even the explosion of a transformer.

Q: How did Sandworm’s second attack differ from the first, and what was its impact?

A: Sandworm’s second attack on Ukraine’s power grid was more severe than the first. It wiped out terabytes of data on Ukrainian government agency networks, destroyed the country’s national budget for the year, and caused a second blackout in the capital, Kiev. Sandworm disabled safety systems in transmission stations with the intention of creating more destructive effects.

Sandworm Releases NotPetya Malware

Q: What was NotPetya malware, and how did Sandworm release it?

A: Sandworm released NotPetya malware in June 2017, causing chaos worldwide. Ukrainians across the country began seeing a ransomware message on their computers, which was encrypting files and demanding a ransom. However, paying the ransom did not recover the files. NotPetya was a data-destroying piece of code designed to cause maximum chaos, and it spread to the rest of the world. Companies such as Maersk, FedEx, Mondelēz (which owns Cadbury and Nabisco), and Merck, the pharmaceutical giant, were affected. Maersk had to line up tens of thousands of trucks outside terminals and ports worldwide, ships arrived with thousands of containers, and nobody knew what was on them. Merck was forced to borrow its HPV vaccine from the Centers for Disease Control because its manufacturing was shut down. In each of these cases, these companies lost hundreds of millions of dollars, but they were only a few examples of the chaos NotPetya created.

Q: What was the intention behind Sandworm’s release of NotPetya malware, and what was its effect?

A: Sandworm released NotPetya malware with the intention of causing maximum chaos, and that chaos spread worldwide. Companies like Maersk and Merck lost hundreds of millions of dollars in its aftermath.

Conclusion

Although we are now in the midst of a full-scale physical Russian invasion of Ukraine, we cannot dismiss Russia’s cyber warfare playbook or its capabilities. Sandworm has shown the world what it is capable of and how it can create chaos by targeting critical infrastructure like power grids. NotPetya malware has also demonstrated how cyber attacks on one country can quickly escalate to affect the world. It’s essential for the world to prepare for such attacks and for the possibility that Russia could unleash these sorts of cyber attacks on Western targets if it feels it has been backed into a corner.
