Total Pageviews

Wednesday, February 23, 2022

Timeline: Ukraine-Russia War and its Cyber Dimension

Here is a timeline of cyberattacks, cyber-related events, political decisions and publications that take place in the context of the Ukraine-Russia crisis and wars. 

(list under construction)




"Cybernetics has a relatively long history in Ukraine, where its development started in 1947, several years earlier than in the rest of the USSR but about a decade later than in the West".  



"in November 1984, it was announced on Radio Moscow that scientists at the Glushkov institute of Cybernetics, which is part of the Ukrainian Academy of Sciences, had developed the first automatic system for teaching school children in the USSR." 

November, 1984


"a new supercomputer" was in production at Severodonetsk in the Donelske Oblast. Because of restrictions imposed by the United States government on software exports to the Soviet Union [...] the USSR had developed the computer on its own, and "there is nothing similar anywhere in the world."  

July, 1985


Ukraine and Russia, among several other countries, connect to NSFNET  



Russian cyberattack against Ukraine: operation "Armageddon".  


Report on Armageddon/Gamaredon Group:


Russian cyberattack; operation "Snake". 

February 2014


Attacks against the ukrainian automated system "Elections". 

22-26 May, 2014


Russian hackers breach the Ukrainian power grid (using the Trojan virus BlackEnergy)

23 December 2015

Attribution; Sandworm Team (APT)

Kenneth Geers (Ed.), Cyber War in Perspective: Russian agression against Ukraine, CCDCOE, Tallinn, 2015, 175 pages.


Chapter "Cyber Proxies and the Crisis in Ukraine", Tim Maurer,      

Ukraine adopted in 2016 a National Cybersecurity Strategy

15 February 2016


Emergence of the Ukrainian Cyber Alliance (UCA), community of ukrainian cyber activists. Its goal is to counter russian agression in Ukraine.  

Spring, 2016

List of their cyber operations:


Second attack against the ukrainian power grid

17 December 2016 Attribution: Electrum  

Ukrainian state institutions have been targeted about 6500 times in the past 2 months.

December, 2016


Russian hackers attack Ukraine's Finance Ministry, the State Treasury, and disrupt 150 000 electronic payments.



Marie Baezner, Patrice Robin, Hotspot Analysis: Cyber and Information warfare in the Ukrainian conflict, CSS Cyber Defense Project, Zürich, version 1, 32 pages.

June 2017


Russia deployes the NotPetya malware via Ukrainian accounting software

27 July 2017


The U.S. ambassador to the Ukraine announces a $5 million assistance package to strengthen Ukrainian cyber security efforts during the nation’s first bilateral dialogue on cyber security

29 September 2017


Aaron F. Brantly, Nerea M. Cal and Devlin P. Winkelstein, Defending the Borderland, Ukrainian Military Experiences with IO, Cyber, and EW. Army Cyber Institute, West Point, 60 pages.



Attempted cyberattack against the network equipment of the Auly Chlorine Distillation Station (in Ukraine)

11 July 2018 This cyberattack used the VPNFilter malware

Nadiya Kostyuk, Yuri M. Zhukov, Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events?, Journal of Conflict Resolution, 2019, Vol. 63(2) 317-347  

2019 "In Ukraine—one of the first armed conflicts where both sides deployed such tools extensively—cyber activities failed to compel discernible changes in battlefield behavior".


"Cybersecurity; the geospatial edge". This article mentions that Russia installed a undersea cable across the Strait of Kerch in January 2014. "The cable’s existence strongly suggested Russia was making a move to connect Ukraine’s critical infrastructure with Russia’s."

5 November 2019

ESRI Blog.

Ukrainian authorities ask FBI for help investigating Russian hack on Burisma

January 2020


Ukraine’s State Service for Special Communications and Information Protection signes a memorandum of understanding with Huawei on cooperation in the areas of cybersecurity and cyber defense.

15 October 2020


Signing of the U.S.-Ukraine Strategic Defense Framework between the U.S.Department of Defense (DoD)and the Ministry of Defence of Ukraine (MOD). Among the priorities of the agreement there is "Strengthening cooperation on cyber security to deter malicious cyber activities on national security systems, to attribute such activities, and to defend against adversaries effectively".

August 31, 2021


Malware attack (detected by Microsoft MSTIC) hits government devices, non-profit organizations and information technology organizations in Ukraine

January 13, 2022


About 70 government Ukrainian websites are affected by a series of cyberattacks (web defacement)

January 14, 2022


Microsoft discovers a new malware family calle WhisperGate

January 15, 2022


Decree of the President of Ukraine n°37/2022 on the Plan for the Implementation of the Cybersecurity Strategy of Ukraine. 

February 1, 2022


A School of Communication and Cybersecurity Specialists was launched in the Armed Forces of Ukraine.  

February 2, 2022


Nikolai Murashov, Deputy Director of the National Coordination Center of the Russian Federation for Computer Incidents, declares that several foreign countries plan to launch cyberattacks against Russia's critical information infrastructures

February 3, 2022


Cyberattacks against Ukrainian government websites

February 15, 2022


The Ukrainian government asks for the EU’s support of cyber military officials

February 18, 2022


U.S. attributes February DDoS attacks to Russia's GRU

February 18, 2022


Ahmad Mohee, Cyber war: The hidden side of the Russian-Ukrainian crisis, 4 pages,

February 20, 2022


EU countries mobilize cyber team to provide cyber defense support to Ukraine

February 21, 2022


Cyberattacks against several official Ukrainian websites: 

- Ukrainian Cabinet of Ministers; 

- Ministries of Foreign Affairs, Infrastructure, Education and others

Some banks have been impacted by the attacks

February 23, 2022

DDoS attack, malware attack (that also infects computer systems in neigbouring countries such as Latvia and Lithuania)   

Russian State-backed hackers group known as Sandworm is suspected of having developed the new malware

Donetsk suffered a multi-hour Internet disruption primarily affecting provider Eastnet, amid a wider power outage

23 February 2022

Cyberattack using HermeticWiper

23 February 2022

Russia has launched a series of military attacks against Ukrainian military bases       

 24 February 2022


Key Ukrainian government websites are still down early Thursday morning

24 February 2022


Cyberattacks using IsaacWiper, target Ukrainian institutions and systems       

 24 February 2022


Shares of cybersecurity companies jump: Telos (+14%), Palo Alto Networks (+10%), etc. 

24 February 2022 


Cyberattacks against Ka-Sat satellite network. Attribution: Russia?

24 February 2022

Communications have been affected in Europe, in Ukraine, in Germany (5800 affected wind turbines), 10 000 customers of Nordnet in France lost internet access

Kyiv Internet traffic has dropped 60 percent over the course of the day

24 February 2022

Communications have been affected in Europe, in Ukraine, in Germany (5800 affected wind turbines), 10 000 customers of Nordnet in France lost internet access

Ukrainan government calls on hackers underground to help protect critical information infrastructures

February 25, 2022


Leaders of the Conti ransomware hackers group announce they are supporting Russia

February 25, 2022


Cyberattacks against Ukraine, using a new version of IsaacWiper       

 25 February 2022


Anonymous hackers launch cyber war against Russia

February 25, 2022


Ukraine says hackers from Belarusian military are targeting private email addresses of Ukrainian military personel. 

February 25, 2022

The Belarusian hackers group is code-named UNC1151 

Russia is restricting access to Facebook 

February 25, 2022


Deputy Prime Minister declares that Ukraine will create an IT Army to fight against Russia's cyberattacks. He also published on a Telegram message a list of 31 russian websites that should be targeted by hackers 

February 26, 2022


Sur Twitter le vice premier ministre ukrainien s'adresse à Elon Musk: "While your rockets successfully land from space — Russian rockets attack Ukrainian civil people! We ask you to provide Ukraine with Starlink stations and to address sane Russians to stand." 

February 26, 2022

Réponse d'Elon Musk: "Starlink service is now active in Ukraine. More terminals en route."

Ukraine has launched the website to help Russian families track down killed or captured soldiers. 

February 27, 2022

Belarusian hackers attacked the Belarusian Railways, to slow down the transfer of Russia's forces to Ukraine  

February 27, 2022

Conti ransomware group chats have been leaked and published online

February 27, 2022

Ukraine requests to cut off Russia from the Internet         

February 28, 2022  Request sent to ICANN by its Ukraine's representative

USA and UK security agencies (NSA, CISA, FBI, Cyber Command, NCSC) released a joint statement exposing harmful cyber operations by iranian state-sponsored hackers group MuddyWater

February 28, 2022

Several hacker groups and countries are likely to launch cyber operations that are not directly related to the Ukraine-Russia war, but which add threat to an already highly disrupted environment.

Several Russian Websites inaccessible (from France):,

February 28, 2022


Several videos of Ukrainian drone missile strikes have been published in the last few days and hours        

February 28, 2022

video on Youtube: 1, 2, 3, 4, etc. 

Alphabet Inc.'s Google temporarily disables Google Maps live traffic data in Ukraine   

February 28, 2022

The Moscow Stock Exchange was offline on Monday 28 February. Today the website still inaccessible.

March 1, 2022

"Meta is stepping up to shut down Russian lies. When will Youtube? We are calling onGoogle to deplatform Russian state media in the strongest possible terms.” M. Fedorov on Twitter 

March 1, 2022

Kyiv-based cybersecurity company Cyber Unit Technologies is organizing a hackaton, promising a $100k bounty payable incryptocurrency to the best online attacks against Russian websites

March 1, 2022

Internet disruption has been reported in Severodonetsk, the acting administrative center of Luhansk Oblast, in Eastern Ukraine

March 1, 2022


"The Russia-Ukraine Cyber Conflict and Potential Threats to the US Health Sector", Report, Analyst Note, HHS Cybersecurity Program, 10 pages

March 1, 2022


According to cyber security firm Sekoia, nearly 260,000 people have joined the "IT Army" of volunteer hackers. 

March 2, 2022


ICANN denies Ukrain request to cut off Russia from the Internet  (letter signed by Göran Marby, President of ICANN)      

March 2, 2022 Official reasons: this is not technically feasible (since the internet is not a centralized system); and this is not the mission of ICANN (that has been built to ensure the internet works, and not to stop it from working): a shut down would also impact all russian citizens, included dissidents. 

Oracle and SAP suspend their operations in Russia

March 2, 2022


The Conti ransomware gang dismantled its back-end and C2 infrastructure

March 3, 2022


Telecoms blackout in Sumy Oblast, north-eastern Ukraine

March 3, 2022


Vedere Labs, Monitoring cyber activities connected to the Russian-Ukrainian Conflict, Briefing Notes, 15 pages.

March 3, 2022


Mariupol Internet goes dark as power is cut off

March 3, 2022


Elon Musk on Twitter: "Important warning: Starlink is the only non-Russian communications system still working in some parts of Ukraine, so probability of being targeted is high. Please use with caution". Users are advised to only turn on Starlink when needed and to place the antenna as far away from people as possible.

March 3, 2022


Mariupol Internet goes dark as power is cut off

March 3, 2022


Russia blocks Facebook inside the country

March 4, 2022


Russia's new legislation prohibits speech considered as fake news (about military and war in Ukraine).

March 4, 2022


The US-based ISP Cogent disconnects its customers in Russia

March 4, 2022


Significant telecoms disruption in Kherson Oblast, southern Ukraine

March 4, 2022


Ukraine has been included in the NATO CCDCOE as a "contributing participant".

March 4, 2022


Major disruption registered on Ukraine's national telecoms operator Ukrtelecom

March 5, 2022


The hacktivist group Squad303 releases API that may be used to send messages to Russian. The objective is to communicate about what happens in Ukraine.  

March 5, 2022


Iranian Internet connectivity is impacted by the war. The internet cable that comes from Russia and goes through Ukraine to Iran, has been cut off in Ukraine.

March 5, 2022


TikTok and Netflix block access to their services in Russia.

March 6, 2022


Le développeur Brandon Nozaki Miller, alias « RIAEvangelist » modifie l'un de ses logiciels open-source en wipper, pour piéger les utilisateurs russes et bélorusses. These new codes are called "protestware".  

March 7, 2022

L'opération fait des victimes collatérales, dont une association américaine recueillant des preuves de crimes de guerre commis en Ukraine: 30 000 messages et fichiers détruits. Le code malveillant est retiré le 8 mars 2022.


The International Atomic Energy Agency (IAEA) says it has lost contact with remote data transmission systems at Chernobyl nuclear power plant.

March 8, 2022


The US-based backbone provider Lumen quits Russia

March 8, 2022


Ukraine's national telecoms operator, Ukrtelecom, suffered a 40m nationwide outage. The ISP Triolan has been down for more than 12 hours (due to a cyberattack).

March 10, 2022


Roskomnadzor leak (publication of 820GB of documents from Roskomnadzor, leaked by Anonymous. The data is published by DDoSecrets)

March 10, 2022


Chech Point Research publishes an analysis of Conti ransomware group activities and organization.  

March 10, 2022


Russia has created its own TLS certificate authority (CA)  

March 10, 2022


"Suspicious Twitter Activity around the Russian Invasion of Ukraine", OSoMe White Paper, Indiana University, 6 pages  

March 10, 2022

The study reports on a dramatic spike in the creation of new accounts around the date of the invasion.


According to the CERT UA, ukrainian state organizations have been attacked with Cobalt Strike Beacon, GrimPlant, and GraphSteel malwares.

March 12, 2022


Ukraine's defense ministry began using Clearview AI’s facial recognition technology. It may be used to uncover Russian assailants, combat misinformation and identify the dead.

March 12, 2022


The Intercept publishes a translated version (from Russian to English) of the Conti leaked conversations.

March 14, 2022


Micah Lee, Leaked chats show Russian ransomware gang discussing Putin's invasion of Ukraine, The Intercept,

March 14, 2022


Analysts at Slovakia-based ESET discover a 4th wiper malware, used to attack Ukrainian organizations: WaddyWiper.

March 15, 2022


"The website of the Ministry of Emergency Situations of Russia was hacked to post a message about the Russian army’s death toll in Ukraine". March 16, 2022


Ukraine legalizes cryptocurrencies

March 17, 2022


Anonymous says it has attacked 2500 Russian and Belarussian websites, in support of Ukraine.  

March 17, 2022


Anonymous hackers have claimed to hack the Central Bank of Russia and steal 35,000 files (28GB of data).  

March 23, 2022


SAP is shutting down its cloud operations in Russia /  

March 24, 2022


According to state railway operator Ukrzaliznytsia’s press service, the company's online ticketing and telephone services have been hacked.  

March 24, 2022


Anonymous has created a new website to host its leaks:  

March 27, 2022


The hackers group NB65, linked to Anonymous, claims via Twitter it hacked all Russia State Television and Radio Broadcasting Company.  

March 27, 2022


Ukraine’s state-owned telecommunications company Ukrtelecom has been victim of a powerful cyberattack on Monday 28, 2022  

March 28, 2022


"the Ukrainian Defense Ministry’s Directorate of Intelligence published personal data of over 600 alleged Russian intelligence officials online claiming that the leak belongs to FSB (Federal Security Service) agents".  

March 28, 2022 This practice is also known as "doxing".


Kaspersky antivirus software has been added to US national security risk list 

March 28, 2022

This is not the first time Kaspersky has been banned in the US


Russia accuses the United States of leading a massive campaign of cyber aggressions targeting its critical infratructures.  

March 29, 2022


The Ukraine CERT (CERT UA) published information concerning MarsStealer malware attacks against Ukraine's citizens and government institutions. (CERT-UA # 4315)  

March 30, 2022


New website "Meta History Museul of War". This project combines "blockchain technology and contemporary art to document the historical truth about the Russian Federation's war against Ukraine" (  

April 1, 2022


Ukraine's military intelligence publishes a list of Russian militaries (names, passports, ranks) stationed in Bucha. /  

April 4, 2022


The Ukraine CERT (CERT UA) published information concerning the UAC-0010 (Armageddon) cyberattacks against european countries institutions.(CERT-UA # 4334)  

April 5, 2022


The Ukraine CERT (CERT UA) published information concerning the UAC-0010 (Armageddon) cyberattacks against Ukraine's government institutions.(CERT-UA # 4378)  

April 5, 2022


The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-based darknet market, Hydra Market (Hydra), in cooperation with the German Federal Criminal Police who shut down Hydra servers in Germany and seized $25 million worth of bitcoin.  

April 5, 2022


Ukraine's security and intelligence service is warning of a new wave of cyber attacks that are targetting users'Telegram accounts.  

April 6, 2022 The attacks are attributed to a threat cluster called "UAC-0094".


"The U.S. Agency for International Development said it delivered 5,000 of SpaceX’s Starlink terminals to Ukraine".  

April 6, 2022


U.S.Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU)  

April 6, 2022

The operation was conducted in March 2022.


Microsoft says it has disrupted cyber attacks attributed to Strontium, a hacking group linked to Russia’s military intelligence. The hackers tried to attack US and EU institutions.  

April 7, 2022


A map titled "where do orcs come from?" has been published online. Tha map has been created using Google Maps and the data published by the Ukraine defense intelligence services. Its is based on the passport data of the russian militaries that acted in Bucha.  

April 7, 2022


The CERT-UA informs that the hackers group Sandworm (UAC-0082) has launched cyberattacks against Ukraine's energy infrastructures, using the malwares INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435)  

April 12, 2022


US-based Cogent Communications began shutting down business with Russian customers.  

April 15, 2022


Ukraine CERT informs about a phishing attack on Facebook (fake Ukraine 24 Channel). (CERT-UA # 4492)  

April 19, 2022


Joint Cybersecurity Advisory. CISA. Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure. 20 pages report. April 20, 2022


Ukraine’s postal service hit by cyberattack after sales of warship stamp go online April 22, 2022


Anonymous hacked nearly 1.1 million emails (1.1 TB ) from ALET, a Russian customs broker for companies in the fuel and energy industries April 25, 2022 Documents are available at


Article: Eichensehr, Kristen, Ukraine, Cyberattacks, and the Lessons for International Law (April 25, 2022). 116 Am. J. Int'l L. Unbound, Forthcoming 2022, Virginia Public Law and Legal Theory Research Paper No. 2022-30 April 25, 2022

Available at SSRN:


Cyberattack UAC-0056 against ukraine with the malware GraphSteel and Grimplant. (CERT-UA # 4545) April 26, 2022


"Special report : Ukraine. An overview of Russia’s cyberattack activity in Ukraine". Report published by Microsoft. April 27, 2022 According to this report, Russia-aligned hackers have launched 237 cyberattacks against Ukraine from February 23 to April 8, including 38 destructive attacks.


Vladimir Putin signed the Executive Order On Additional Measures to Ensure Cybersecurity of the Russian Federation May 1, 2022

"The Executive Order determines which organisations may be involved in ensuring cybersecurity, as well as detecting, preventing and relieving the consequences of cyberattacks. In addition, it envisages appropriate rights for Federal Security Service bodies’ officials, as well as immediate implementation of organisational or technical measures. "


Has Russia really been attacked by chinese hackers? May 4, 2022


"1,400 Bangladeshi IP address used for cyber-attack in Russia and Ukraine" May 5, 2022


"The U.S. rushed cyber forces to Lithuania to help defend against online threats that have risen since Russia’s invasion of Ukraine". May 5, 2022


"Hackers replaced Russian TV schedules during Putin's 'Victory Day' parade with anti-war messages". May 9, 2022


RuTube has been hacked. The platform is offline. May 10, 2022


Pro-Russian hackers'group Killnet has attacked the websites of several Italian institutions (The websites of the senate, Italy's upper house of parliament, the National Health Institute (ISS), the Automobile Club d'Italia...) May 11, 2022


Armageddon APT Targeting Ukraine Through the Delivery of GammaLoad.PS1_v2 Malware May 12, 2022


A new fibe-optic internet cable has been istalled in Kherson region May 21, 2022


US confirms cyberattacks on Russia in Ukraine war June 1, 2022


"Hackers targeted Russian radio station Kommersant FM (...), broadcasting the Ukrainian national anthem and anti-war songs to protest Moscow’s invasion of Ukraine". June 8, 2022


Lithuania under russian cyberattacks. Series of DDoS attacks target websites of government agencies and private companies. June 27, 2022


Declaration by the High Representative on behalf of the European Union on malicious cyber activities conducted by hackers and hacker groups in the context of Russia’s aggression against Ukraine. Council of the EU. July 22, 2022


Ukraine Cyber Chief Visits 'Black Hat' Hacker Meeting in Las Vegas August 11, 2022


Ukrainian hackers attacked (DDoS attack) russian video-conference platforms such as TrueConf, Videomost,, iMind, and other. August 12, 2022


Ukraine’s nuclear operator Energoatom on Tuesday reported what it called an “unprecedented” cyberattack on its website August 16, 2022


Estonia hit by cyberattacks from Russian group Killnet. This attack is said to be the most extensive one Estonia has faced since 2007. August 18, 2022


Russian services have organised coordinated cyber-attacks on Montenegrin government servers twice since August 22 August 22, 2022


Ukraine and Poland agree to jointly counter Russian cyberattacks August 23, 2022


Ukrainian hackers have attacked the russian software provider Right Line (main provider of online banking applications in Russia). August 23, 2022


Dell Technologies exits Russia August 27, 2022


Ericsson, Nokia, Logitech say they will exit Russia August 29, 2022


"Someone hacked #YandexTaxi and ordered all available taxis to Kutuzov Prospect in Moscow " September 1, 2022


"Ukrainian hackers created fake profiles of attractive women to trick Russian soldiers into sharing their location". September 5, 2022


Pro-Russian hackers have attacked MI5’s public website. A group called Anonymous Russia claimed responsibility for the outage. Countries supporting Ukraine are targeted by pro-russian hackers. September 30, 2022


The website/application provides live updated information about the conflict in Ukraine. 

No comments:

Post a Comment