ICT: Information & communication
219 cyberattacks and operations
In the Russia-Ukraine war, why do cyberattacks on the ICT sector matter?
Information and Communication Technology is a key enabler across all sectors, for the digital economy and for media platforms, and is potentially a path to attack organizations and other sectors. The deliberate destruction of TV and radio broadcasting infrastructure in Ukraine has been documented as a result of physical attacks on infrastructure; cyberattacks on telecommunication providers have also been documented. These attacks are being used as a means to disrupt access to reliable information relating to developments in the war and the situation in Ukraine.
What types of attacks have been documented against the sector?
Which countries have seen attacks on the sector in the context of the war?
What impact do these attacks have on people?
Cyberattacks on telecommunications and internet service providers have a direct impact on people. Targeting these services on the day of the invasion and in the ongoing conflict has an impact on civilians who depend on their services in order to stay informed, contact loved ones, seek medical support, access online services, coordinate rescue efforts and much more. Targeting telecommunications networks adds to the confusion and fog of war and the impact for civilians is accentuated during hostilities.
What are the primary digital impacts observed on the sector by country?
Can history shed light on the impact of attacks on this sector?
24 February 2022 – Viasat, Ukraine (impact felt in other European countries)
On the day of the invasion, a cyberattack disrupted broadband satellite internet access. It disabled modems that communicate with Viasat Inc's KA-SAT satellite network, which supplies internet access to tens of thousands of people in Ukraine and Europe. More than two weeks later, some remained offline.
In a later statement, Viasat said they believed the purpose of the attack was to interrupt services rather than to access data or systems.
Societal harm/impact:
- Internet access offline for more than 2 weeks.
- Nearly 9,000 subscribers of a satellite internet service provider were deprived of the internet in France.
- Around a third of 40,000 subscribers of another satellite internet service provider in Europe (Germany, France, Hungary, Greece, Italy, Poland) were affected.
- A major German energy company lost remote monitoring access to over 5,800 wind turbines, which was deactivated during the attack.
- Affected several thousand customers located in Ukraine and tens of thousands of other fixed broadband customers across Europe.
Which threat actors have been linked to attacks on the sector during the conflict?
| Name | Type | Origin | Number of attacks |
|---|---|---|---|
| NoName057(16) | Collective | | 50 |
| People's CyberArmy | Collective | | 38 |
| IT Army of Ukraine | Nation State | | 21 |
| Anonymous Russia | Collective | | 14 |
| Mirai | Collective | | 9 |
| Netside Group | Collective | Unknown | 7 |
| KillNet | Collective | | 6 |
| Bloodnet | Collective | Unknown | 6 |
| Anonymous | Collective | Unknown | 5 |
| Anonymous Sudan | Collective | Unknown | 4 |
| Anonymous Italia | Collective | Unknown | 3 |
| Cyber Cat | Collective | Unknown | 3 |
| Sandworm | Nation State | | 3 |
| NLB | Unknown | Unknown | 2 |
| APT28 | Nation State | | 2 |
| GURMO | Nation State | | 2 |
| DEV-0586 | Nation State | | 1 |
| UNC1151 | Nation State | | 1 |
| Nation State - Russian Federation | Nation State | | 1 |
| StudentCyberArmy | Collective | | 1 |
| GhostSec | Collective | | 1 |
| NB65 | Collective | Unknown | 1 |
| Turla | Nation State | | 1 |
| Zarya | Collective | | 1 |
| Haydamaki | Collective | | 1 |
| 2402team | Collective | Unknown | 1 |
| National Republican Army | Collective | | 1 |
| XakNet | Collective | | 1 |
| Russian Hackers Team | Collective | Unknown | 1 |
| National Hackers of Russia (HXP) | Collective | Unknown | 1 |
| Bear IT Army | Collective | | 1 |
| Phoenix | Collective | | 1 |
| Russian Clay | Collective | Unknown | 1 |
| Cyber Anarchy Squad | Collective | Unknown | 1 |
| UAC-0102 | Unknown | Unknown | 1 |
| BlueNet Russia | Unknown | Unknown | 1 |
| Net Worker Alliance | Collective | Unknown | 1 |
| Hdr0 | Unknown | Unknown | 1 |
| UAC-0165 | Unknown | Unknown | 1 |
| Glory to Russia 666 | Unknown | Unknown | 1 |
| Zulik Group | Unknown | Unknown | 1 |
| Hustle Bros | Unknown | Unknown | 1 |
| Solntsepek | Collective | Unknown | 0 |
Explore the data
| Event Name | Event Country | Event Date | Event Type | Impact Category | Impact Description | Threat Actor Name |
|---|---|---|---|---|---|---|
| Campaign: DDoS attacks against the websites of two Lithuanian ISPs | | 2023-12-30 | DDoS | Disruption | Disrupted connectivity to websites. | NoName057(16) |
| Campaign: DDoS attacks against the website of a Lithuanian ISP and the website and subdomain of another ISP | | 2023-12-26 | DDoS | Disruption | Disrupted connectivity to websites. | NoName057(16) |
| DDoS attack against an Italian software developing company | | 2023-12-24 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| Campaign: DDoS attack against an Italian software developing company | | 2023-12-21 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| DDoS attack against the Internet resources and server infrastructure of a Russian ISP | | 2023-12-16 | DDoS | Disruption | Disrupted Internet access services. | IT Army of Ukraine |
| DDoS attack against the website of a Czech telecommunications company | | 2023-12-16 | DDoS | Disruption | Disrupted connectivity to website. | Anonymous Russia |
| DDoS attacks against the website and subdomain of a Ukrainian ISP | | 2023-12-15 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy |
| Campaign: DDoS attack against the subdomain of a Ukrainian online authorization system | | 2023-12-12 | DDoS | Disruption | Disrupted connectivity to the website. | NoName057(16) |
| Malware cyberattack against a Russian IT company | | 2023-12-12 | Wiper | Destruction | All servers were infected with malware resulting in the deletion of the entire system database, backups and configuration files ensuring the functioning of the system. | GURMO |
| Cyberattack against a Ukrainian telecommunications company | | 2023-12-12 | Unknown | Destruction | The cyberattack against the target's core network began around 5 a.m. The threat actor was successful in destroying some of the core network's functions leading to the disruption of internet and mobile services, lasting two days. 24 million users affected by the cyberattack, along with the disruption of air raid sirens, banks, ATMs and point-of-sale terminals. | Sandworm |