Menu
Browse

Cyber Threat Actor: Ukrainian Hackers

Actor Type Location Known Incidents
 Icon
Activist
Ukraine
2 incidents
Profile

The threat actor ispublicly referred to as Ukrainian Hackers and is associated with operations originating from Ukraine. Reporting describes the group’s activities as large‑scale, well‑funded and professional, with multiple incidents spanning several years that have attracted attention from news outlets and security observers. The alias appears in both recent and historical accounts, indicating a persistent use of the label in open‑source discussions.

Targeting observed in the disclosed incidents includes internet service providers, major telecommunications operators, technology firms and military‑industrial facilities that produce components such as aircraft parts and ballistic protection. The actor has also struck digital services and cloud‑storage platforms, leading to the destruction of stored data and temporary outages for messaging applications. Additional targets encompass financial services and communication networks in occupied territories, as well as media outlets, journalist‑bloggers and websites in Malta that criticize the government. Strategic objectives evident from these actions are the disruption of enemy logistics and communications, the display of pro‑Ukrainian messages on compromised systems, the intimidation of critics through sustained offensive campaigns, and the use of trolling and hate campaigns alongside technical attacks to suppress dissenting voices.

The actor’s tactics, techniques and procedures as described in the sources rely primarily on distributed denial‑of‑service methodology, flooding target servers with traffic originating from many computers worldwide to overwhelm defenses. No specific malware families, initial‑access vectors or custom tooling are mentioned in the available reporting. Attribution to a state sponsor or criminal consortium is not explicitly established in the public sources; the actor is identified only by its geographic origin and the alias Ukrainian Hackers. Representative operations cited include the August 2024 campaign that hit Russian internet providers, military‑related firms and digital services, and the May 2018 DDoS assault on Manuel Delia’s blog in Malta, which was described as one of the most severe attacks ever seen on Maltese websites, caused temporary downtime despite technical countermeasures, was linked to the victim’s criticism of the government, prompted consideration of enhanced security measures, and was characterized as a criminal act with destructive intent comparable to physical attacks on media institutions.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
1 source