Cyberwarfare by Russia

The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives.

"[3] Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems.

[6] An alternative view is that it is a suitable label for cyber attacks which cause physical damage to people and objects in the real world.

[21] In April 2007, following a diplomatic row with Russia over a Soviet war memorial, Estonia was targeted by a series of cyberattacks on financial, media, and government websites which were taken down by an enormous volume of spam being transmitted by botnets in what is called a distributed denial-of-service attack.

Online banking was made inaccessible, government employees were suddenly unable to communicate via e-mail, and media outlets could not distribute news.

[31][32][33] On 20 July 2008, the website of the Georgian president, Mikheil Saakashvili, was rendered inoperable for twenty-four hours by a series of denial of service attacks.

Shortly after, the website of the National Bank of Georgia and the parliament were attacked by hackers who plastered images of Mikheil Saakashvili and former Nazi leader Adolf Hitler.

[34][35] An independent US-based research institute US Cyber Consequences Unit report stated the attacks had "little or no direct involvement from the Russian government or military".

[36][37] In 2015, a high-ranking security official stated that it was "highly plausible" that a cybertheft of files from the German Parliamentary Committee investigating the NSA spying scandal, later published by WikiLeaks, was conducted by Russian hackers.

[41][42] Süddeutsche Zeitung reported in February 2017 that a year-long probe by German intelligence "found no concrete proof of [Russian] disinformation campaigns targeting the government".

[47] Beginning in mid-January 2009, Kyrgyzstan's two main ISPs came under a large-scale DDoS attack, shutting down websites and e-mail within the country, effectively taking the nation offline.

The attacks came at a time when the country's president, Kurmanbek Bakiyev, was being pressured by both domestic actors and Russia to close a U.S. air base in Kyrgyzstan.

[50] Between late April and early May 2022, in the midst of the 2022 Russian invasion of Ukraine, multiple Romanian government, military, bank and mass media websites were taken down after a series of DDoS attacks, behind which was a pro-Kremlin hacking group, Killnet.

The hacking group described the cyberattacks to be a response to a statement made by then-Senate president, Florin Cîțu that Romania would provide Ukraine with military equipment.

[51][52][53] According to two United States intelligence officials that talked to The Washington Post, and also the findings of cybersecurity analyst Michael Matonis, Russia is likely behind the cyber attacks against the 2018 Winter Olympics in South Korea.

[56] From 2014 to 2016, according to CrowdStrike, the Russian APT Fancy Bear used Android malware to target the Ukrainian Army's Rocket Forces and Artillery.

[70] Pro-Russian hackers launched a series of cyberattacks over several days to disrupt the May 2014 Ukrainian presidential election, releasing hacked emails, attempting to alter vote tallies, and delaying the final result with distributed denial-of-service (DDOS) attacks.

[71][72] Malware that would have displayed a graphic declaring far-right candidate Dmytro Yarosh the electoral winner was removed from Ukraine's Central Election Commission less than an hour before polls closed.

Despite this, Channel One Russia "reported that Mr. Yarosh had won and broadcast the fake graphic, citing the election commission's website, even though it had never appeared there.

"[71][73] According to Peter Ordeshook: "These faked results were geared for a specific audience in order to feed the Russian narrative that has claimed from the start that ultra-nationalists and Nazis were behind the revolution in Ukraine.

[75] In February 2017, Bradshaw called on the British intelligence service, Government Communications Headquarters, then under Boris Johnson as Foreign Secretary, to reveal the information it had on Russian interference.

[88] In 2016, the release of hacked emails belonging to the Democratic National Committee, John Podesta, and Colin Powell, among others, through DCLeaks and WikiLeaks was said by private sector analysts[89] and US intelligence services[90] to have been of Russian origin.

[93][94] In 2018, the United States Computer Emergency Response Team released an alert warning that the Russian government was executing "a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities' networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks."

It further noted that "[a]fter obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems.

[96] In June 2019, the New York Times reported that hackers from the United States Cyber Command planted malware potentially capable of disrupting the Russian electrical grid.

"[97] Over several months in 2020, a group known as APT29 or Cozy Bear, working for Russia's Foreign Intelligence Service, breached a top cybersecurity firm and multiple U.S. government agencies including the Treasury, Commerce, and Energy departments and the National Nuclear Security Administration.

In December 2023, U.S. authorities charged two Russian men, who are believed to be located in Russia and were associated with the "Callisto Group," which is associated with "Cold River" and "Dancing Salome" and are managed by the FSB Information Security Center (18th Center) (CIB or TsIB FSB),[a] in connection with Star Blizzard's previous actions, which included targeting individuals and groups throughout the United States, Europe and in other NATO countries, many of which were supporting Ukraine during the Russo-Ukrainian War and allegedly attempting to provide foreign malign influence campaigns to influence the United Kingdom's 2019 elections in support of Russian government interests.

[122] On 30 December 2016, Burlington Electric Department, a Vermont utility company, announced that code associated with the Russian hacking operation dubbed Grizzly Steppe had been found in their computers.

Officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence warned executives of the financial, utility and transportation industries about the malware code.

Cyberwarfare specialists of the United States Army 's 782nd Military Intelligence Battalion (Cyber) supporting the 3rd Brigade Combat Team, 1st Cavalry Division during a training exercise in 2019
Putin's Asymmetric Assault on Democracy in Russia and Europe: Implications for U.S. National Security