Media
Media & Content
211
cyberattacks and operations
In the Russian-Ukraine war, why do cyberattacks on the Media sector matter?
The media sector plays a vital role in providing information, as well as forming and informing public opinion. The use of botfarms to spread fake accounts and messages at scale to audiences, through to attacks to deface websites, this conflict’s circulation of disinformation and propaganda is being waged online with harmful offline impacts. Attacks on the media sector have been relentless in their attempt to disrupt and/or influence the information space through the spread of disinformation and propaganda and disabling or disrupting services to limit access to timely, reliable and official information to populations in both Ukraine and Russian Federation.
What types of attacks have been documented against the sector?
Which countries have seen attacks on the sector in the context of the war?
What impact do these attacks have on people?
Access to news and information services during an armed conflict is a vital public interest for a population as it is a means to receive official information from national or local authorities. News from media outlets can also help to inform the decision making of the population about the risks to safety, to flee or remain in an area, access to humanitarian aid, etc.
The spread of misinformation (incorrect or misleading information) and disinformation (deliberately deceptive) may cause harm to people and organizations. “Disinformation in armed conflict may pose several distinctive forms of harm to civilians: exposure to retaliatory violence, distortion of information vital to securing human needs, and severe mental suffering.” (Source IRRC,) Thus access to accurate, timely and reliable information is a civilian necessity during periods of armed conflict and measures are required in order to prevent the spread of, or counter, misinformation and disinformation.
What are the primary digital impacts observed on the sector by country?
Can history shed light on the impact of attacks on this sector?
24 February 2022 – The Kyiv Post, Ukraine
On 24th February 2022 the Kyiv Post reported that its site had been under constant cyberattack in the conflict. The DDoS attack incapacitated their systems and they had to find alternative means to publish the news by posting shortened stories on Facebook, Twitter, and LinkedIn.
Societal harm / impact:
- Created logistical problems for personnel and it was more difficult for employees to communicate amongst themselves.
- The attack attempted to limit the public’s access to up to date, reliable, objective information during an escalating conflict.
Which threat actors have been linked to attacks on the sector during the conflict?
Name | Type | Origin | Number of attacks |
|---|---|---|---|
| People's CyberArmy | Collective | 39 | |
| NoName057(16) | Collective | 33 | |
| Anonymous Russia | Collective | 13 | |
| IT Army of Ukraine | Nation State | 13 | |
| Netside Group | Collective | Unknown | 9 |
| KillNet | Collective | 8 | |
| Phoenix | Collective | 7 | |
| BlueNet Russia | Unknown | Unknown | 6 |
| Bloodnet | Collective | Unknown | 6 |
| Anonymous | Collective | Unknown | 5 |
| Net Worker Alliance | Collective | Unknown | 5 |
| Mirai | Collective | 3 | |
| Kvazar DDoS | Collective | Unknown | 3 |
| Anonymous Sudan | Collective | unknown | 3 |
| Legion Cyber Spetsnaz | Collective | 3 | |
| APT28 | Nation State | 2 | |
| ICC_H@ckTeam | Collective | 2 | |
| XakNet | Collective | 2 | |
| Sandworm | Nation State | 2 | |
| Russian Hackers Team | Collective | Unknown | 2 |
| National Hackers of Russia (HXP) | Collective | Unknown | 2 |
| Structura National Technologies | Nation State | Unknown | 2 |
| Cyber Cat | Collective | Unknown | 2 |
| NLB | Unknown | Unknown | 2 |
| Zulik Group | Unknown | Unknown | 2 |
| UNC1151 | Nation State | 1 | |
| NB65 | Collective | Unknown | 1 |
| UAC-0099 | Unknown | Unknown | 1 |
| Cyber Palyanitsa | Collective | 1 | |
| Red Hackers Alliance | Collective | Unknown | 1 |
| AnonymousX777Z | Collective | Unknown | 1 |
| KillMilk | Individual | 1 | |
| Bear IT Army | Collective | 1 | |
| Anonymous Italia | Collective | Unknown | 1 |
| Cyber DDoS | Collective | Unknown | 1 |
| Avoid Team | Collective | Unknown | 1 |
| Solntsepek | Collective | Unknown | 1 |
| Social Digital Agency | Nation State | Unknown | 0 |
Explore the data
Event Name | Event Country | Event Date | Event Type | Impact Category | Impact Description | Threat Actor Name |
|---|---|---|---|---|---|---|
| Campaign: DDoS attack against the website of a Ukrainian news media | 2023-12-31 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy | |
| DDoS attack against the website of a Ukrainian news media | 2023-12-29 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy | |
| Campaign: DDoS attack against the website of an Austrian press agency | 2023-12-23 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) | |
| Campaign: DDoS attack against the website of an Austrian press agency | 2023-12-19 | DDoS | Disruption | Disrupted connectivity to website. Website unavailable to foreign IP addresses. | NoName057(16) | |
| DDoS attack against the website of a Ukrainian news media | 2023-12-13 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy | |
| Cyber-enabled information operation against a US news media | 2023-12-09 | Cyber-Enabled Information Operation | Disinformation | A pro-Russian message posing as a news ad from the news media outlet was broadcasted on a billboard. | Unknown | |
| DDoS attack against the website of a Ukrainian news media | 2023-11-21 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy | |
| Campaign: DDoS attacks against the websites of two Polish news medias | 2023-11-01 | DDoS | Disruption | Disrupted connectivity to the websites. | People's CyberArmy | |
| DDoS attack against the website of a Russian news media based in Latvia | 2023-10-22 | DDoS | Disruption | Disrupted connectivity to the website. | Zulik Group | |
| Campaign: DDoS attack against the websites of two Lithuanian news medias | 2023-10-21 | DDoS | Disruption | Disrupted connectivity to the websites. | NoName057(16) |
