Menu
Browse

Cyber Threat Actor: Russian Cyber Army

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Nation State
Russia
2 incidents
Profile

The threat actor operates under the aliases Russian Cyber Army and Cyber Army of Russia and is located in Russia. Its targeting has focused on election‑related systems, including political party websites, state election boards and voter registration databases. Beyond elections, the actor has also struck government ministries, shipbuilding enterprises and financial institutions, as indicated in its claims following the Japan Liberal Democratic Party disruption. In public messaging the actor has described its actions as a response to policies it labels Russophobic, pointing to a strategic aim of political disruption and coercion. A separate line of activity shows the actor seeking to harvest personal information from voter rolls, which reflects an information‑gathering or espionage objective.

The actor’s observed tactics include distributed denial‑of‑service floods that render online services temporarily inaccessible. During the Illinois State Board of Elections incident the intruders remained inside the network for nearly three weeks before detection, indicating an ability to maintain stealthy, long‑term access. The source material does not name any particular malware family, exploit kit or initial‑access vector used by the group, so the profile is limited to the noted DDoS and unauthorized access methods. Attribution is supported by official statements: the Illinois breach was attributed to Russian state security actors, while the Japan and Mississippi operations were claimed by pro‑Russian hacking groups that include the Cyber Army of Russia. The October 2024 DDoS against Japan’s Liberal Democratic Party website coincided with the launch of the party’s general election campaign and was accompanied by similar attacks on other government bodies, shipbuilding firms and financial institutions. The actor characterized those attacks as punishment for Russophobic policies and election‑related disruption in nations opposed by the Kremlin. In April 2017 the Illinois State Board of Elections reported that hackers accessed the personal data of roughly eighty thousand voters, including social security numbers and driver’s license information. Officials said the intruders had access to the system for nearly three weeks before being discovered, and the breach was linked to an IP address the FBI has associated with Russian state security. In November 2023 a pro‑Russian hacking group claimed responsibility for a DDoS that knocked out Mississippi election‑related websites during the midterm vote, although voting and vote‑counting processes were reported to remain unaffected. The Mississippi secretary of state’s office noted that the attack caused periodic inaccessibility of public‑facing sites but did not compromise the underlying election infrastructure.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
3 sources