2022 Ukraine cyberattacks

[1] According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked.

[5][6] The Canadian government in an undated white paper published after 22 June 2022 believed "that the scope and severity of cyber operations related to the Russian invasion of Ukraine has almost certainly been more sophisticated and widespread than has been reported in open sources.

[2] Russia denies the accusations of an impending invasion, but has threatened "military-technical action" if its demands are not met, especially a request that NATO never admit Ukraine to the alliance.

[2] The attacks on 14 January 2022 consisted of the hackers replacing the websites with text in Ukrainian, erroneous Polish, and Russian, which state "be afraid and wait for the worst" and allege that personal information has been leaked to the internet.

First detected by the Microsoft Threat Intelligence Center (MSTIC), malware was installed on devices belonging to "multiple government, non-profit, and information technology organizations" in Ukraine.

[12] On 19 January, the Russian advanced persistent threat (APT) Gamaredon (also known as Primitive Bear) attempted to compromise a Western government entity in Ukraine.

[8][18] European Union High Representative Josep Borrell said of the source of the attack: “One can very well imagine with a certain probability or with a margin of error, where it can come from.”[19] The Secretary General of NATO Jens Stoltenberg announced that the organization would increase its coordination with Ukraine on cyberdefense in the face of potential additional cyberattacks.

American cybersecurity official Anne Neuberger stated that known GRU infrastructure has been noted transmitting high volumes of communications to Ukraine-based IP addresses and domains.

[25] Just before 5 pm on 23 February, data wiper malware was detected on hundreds of computers belonging to multiple Ukrainian organizations, including in the financial, defense, aviation, and IT services sectors.

[26][27] A day prior to the attack, the EU had deployed a cyber rapid-response team consisting of about ten cybersecurity experts from Lithuania, Croatia, Poland, Estonia, Romania, and the Netherlands.

[32][33] The attack "rendered inoperable thousands of Viasat KA-SAT satellite broadband modems in Ukraine, including those used by military and other governmental agencies, causing major loss in internet communication.

[37][38][39][40][41] On February 26, the Minister of Digital Transformation of Ukraine Mykhailo Fedorov announced the creation of an IT army, which will include cyber specialists, copywriters, designers, marketers and targetologists.

[42] Dozens of issues of Russian stars and officials have been made public, and Ukrainian songs have been broadcast on some television channels, including "Prayer for Ukraine".

[52] On 9 March alone, the Quad9 malware-blocking recursive resolver intercepted and mitigated 4.6 million attacks against computers and phones in Ukraine and Poland, at a rate more than ten times higher than the European average.

[53] Explaining the nature of the attack, Woodcock said "Ukrainians are being targeted by a huge amount of phishing, and a lot of the malware that is getting onto their machines is trying to contact malicious command-and-control infrastructure.

Ukrainian Ministry of Foreign Affairs website defaced by hackers
Ratio of DNS queries defensively blocked by Quad9 in Ukraine and Poland, 7–9 March 2022.