Questions about Cyberwarfare by Russia
Short answers, pulled from the story.
What is cyberwarfare by Russia and when did it begin?
Cyberwarfare by Russia comprises denial-of-service campaigns, hacking operations, disinformation programs, and state-directed online repression carried out by Russian security and intelligence agencies since the 1990s. The operations are designed to advance Kremlin geopolitical objectives and are framed within a Russian doctrine called informatsionnoye protivoborstvo, or information confrontation.
Which Russian hacker groups are linked to state-sponsored cyberattacks?
The main groups include APT28 (Fancy Bear), linked to GRU Unit 26165; APT29 (Midnight Blizzard), linked to the SVR; Sandworm, assessed as GRU Unit 74455; Turla, associated with FSB infrastructure; and Star Blizzard (also known as Callisto or ColdRiver), linked to the FSB Information Security Center. Attribution is based on US Department of Justice indictments, cybersecurity company reports, and investigative journalism.
What happened during the 2007 cyberattacks on Estonia?
In April 2007, following a diplomatic dispute over a Soviet war memorial, Estonia was struck by large-scale distributed denial-of-service attacks that took down financial, media, and government websites. Online banking became inaccessible, government email failed, and media outlets could not publish. A year later, NATO founded the Cooperative Cyber Defence Centre of Excellence in Tallinn as a direct response to the attacks.
What was the NotPetya malware campaign and who carried it out?
NotPetya was a destructive malware campaign attributed to Sandworm, assessed as GRU Unit 74455, that caused global financial losses. It was one of several major attacks Sandworm deployed against Ukrainian targets and beyond. A 2021 Dragos report also found that Sandworm had been targeting US electric utilities, oil and gas, and other industrial firms since at least 2017.
How did Russia interfere in the 2014 Ukrainian presidential election?
The pro-Russian hacker group CyberBerkut attacked the May 2014 Ukrainian presidential election over several days, releasing hacked emails, attempting to alter vote tallies, and using denial-of-service attacks to delay results. A file falsely declaring far-right candidate Dmytro Yarosh the winner was discovered inside the Central Election Commission network less than an hour before polls closed. Channel One Russia broadcast the fabricated graphic despite it never having appeared on the election commission's website.
What is the Voice of Europe influence operation linked to Russia?
Voice of Europe was a Kremlin-funded influence network based in Prague, exposed by Czech authorities in 2023. It was led in part by Ukrainian politician Viktor Medvedchuk and attempted to bribe European lawmakers, channel funds to far-right and Eurosceptic politicians, and sway the 2024 European Parliament election. Czech intelligence investigations in 2024 detailed how the network used local intermediaries to promote Kremlin positions across European Union member states.