A Timeline of Russian Cyberattacks on Ukraine

Russia has been launching some of the most disruptive cyberattacks in history against Ukraine for some years now. WIRED's Andy Greenberg, author of the book "Sandworm," walks us through the history of Russia's cyberattacks against Ukraine.

Video Transcript

[MUSIC PLAYING]

ANDY GREENBERG: Russia has been launching cyberattacks against the Ukrainian government, private industry, even critical infrastructure that truly have no precedent in history. These are some of the most disruptive cyberattacks we've ever seen. I'm Andy Greenberg. I'm a Senior Writer with Wired, and the author of the book, Sandworm. And I'm going to walk you through the history of Russia's cyberattacks against Ukraine.

[MUSIC PLAYING]

Right now, of course, there is an actual full-scale Russian invasion of Ukraine taking place. Ukraine is now the epicenter of Russia's conflicts with the West, as it has been in some ways sort of under the radar for the last almost decade. But it also is a country whose recent history has these lessons about the nature of cyber war. And it's a country where we can look to understand what Russia is capable of, and its digital disruption, and how to be prepared for it.

[MUSIC PLAYING]

2014, Russia hacks the Ukrainian Central Election Commission.

In 2014, Ukraine has a revolution, and it pulls away from Russia's sphere of influence. And then later that year as it's having its first presidential election, Russian state-sponsored hackers break into its Central Election Commission, and essentially try to fake the results. They plant a spoofed image that seems to show that this far right candidate has won by a landslide. In fact, he won like single digit percentages of the votes. Now actually, the Central Election Commission caught these fake results in time and managed to foil this, but Russian TV nonetheless broadcasts those fake results, which kind of shows how they were working in league with these hackers. Putin and the Kremlin have always wanted to paint the new Ukrainian democratic government as controlled secretly by neo-Nazis, and so trying to spoof that the results show that the actual winner of the election was this super far right candidate was just another kind of beat in that campaign of disinformation.
[MUSIC PLAYING]

2015, Russia hacks Ukraine's power grid.

A now notorious group of state-sponsored hackers called Sandworm takes over Russia's cyber warfare in Ukraine. And they launch a whole series of attacks that hits Ukrainian media, government agencies. And then just before Christmas, they cap all this off with a cyberattack on Ukrainian power grids, which is the first time in history that hackers actually trigger a blackout. But just to kind of add insult to injury, Sandworm also destroyed hundreds of computers inside of these utilities. They bombarded them with fake phone calls, just to add an extra layer of chaos. And they even turned off the backup power supply to the control rooms themselves, so that these operators were thrown into a kind of blackout in the midst of their own blackout. This blackout really only lasted six hours or so before Ukrainians were able to manually switch the power back on. But I think it was intended to have a kind of terrorizing effect. And it shocked the world. And it also kind of gave Sandworm this reputation as perhaps the most disruptive, the most cyber war-oriented hacker group in the world.

2016, Sandworm attacks Ukraine's power grid again, this time in Kiev.

About a year after Sandworm's first attacks in Ukraine, it returns with another even more severe collection of cyberattacks against Ukrainian government agencies, its Ministry of Defense, and infrastructure, and finance. The hackers destroyed terabytes of data on these agency networks. They actually wiped the country's national budget for the year. This series of cyberattacks culminates in an attack on the power grid, causing another blackout, this time, in the capital of Kiev. The second blackout only lasted an hour. But in some ways, it was nonetheless a kind of escalation of what Sandworm had inflicted the year before.
They actually disabled safety systems in this transmission station with the intention that when the Ukrainian operators rushed to turn the power back on, they might have caused an overload of currents on power lines, or even exploded a transformer, truly dangerous and physically destructive effects of a kind that we had never seen before inside of an electrical utility. And that only failed because of a tiny misconfiguration in Sandworm's malware.

2017, Sandworm releases the NotPetya malware.

That morning of June 27, 2017, Ukrainians across the country began to see this ransomware message appear on computers in all sorts of networks from private industry, and banks, to government agencies, hospitals. It seemed to be encrypting computers and demanding a ransom in the ways that cyber-criminal hackers often do. But even when you paid the ransom, you couldn't recover your files. It was actually a data-destroying piece of code designed to cause maximum chaos. And then because internet worms do not generally stay within national boundaries, it spread to the rest of the world. NotPetya immediately hit companies like Maersk, the world's largest shipping firm, and FedEx, and Mondelez, which owns Cadbury and Nabisco, and Merck, the pharmaceutical giants. In the case of Maersk, for instance, that meant that tens of thousands of trucks were lining up outside of terminals and ports around the world, and ships with thousands and thousands of containers on them are arriving at those ports, and nobody knows what is on them. For Merck, it meant they had to borrow their own HPV vaccine from the Center for Disease Control, because their manufacturing was shut down. In each of these cases, these companies lost hundreds of millions of dollars, more than a billion in some cases, all because of this one cyberattack that had spilled out from Ukraine.

[MUSIC PLAYING]

What comes next?
In the years after NotPetya, Sandworm hit other targets around the world, including the 2018 Winter Olympics in PyeongChang, Korea, to the nation of Georgia, where they shut down television stations in 2019. But we haven't seen Sandworm reappear in any obvious way in Ukraine. Now, just before the full-scale physical Russian invasion of Ukraine that occurred on February 24, we did see another round of cyberattacks that destroyed hundreds of computers in Ukrainian government and military agencies. Although, we don't have any conclusive evidence yet that it really was Sandworm this time.

Now, in the midst of this invasion, cyber war has been a pretty secondary element at best. People are dying by the thousands. Refugees are fleeing the country. That is, of course, the context in which anything I say about cyber war has to be framed. It might even make attacks on computer systems seem kind of trivial. But I think that now that we understand Russia's cyber warfare playbook, now that we see what Sandworm is capable of, we have to kind of reckon with those capabilities. Russia is now in this conflict with the West as a whole. It's been isolated and sanctioned. And we'll have to grapple with the fact that Russia can unleash these sorts of cyberattacks on Western targets if it feels like it's been put into a corner, whether that comes in the form of data-destroying malware, or attacks on power grids, or even something like NotPetya again.

[MUSIC PLAYING]