Cyber Incident Victim: Russian Federation
Date:
Feb 2024
Location:
Russia
Summary
Ukrainian Military Intelligence cyber operations breached Russian drone control software, disrupting servers critical for identification systems and preventing drone configuration, video streaming, and computer-based control, likely forcing manual operation. This follows an earlier operation that destroyed servers and erased petabytes of data at a military satellite data processing center, causing significant financial losses and impairing critical military functions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Ukrainian Military Intelligence (HUR) executed a cyberattack against Russian drone control programs in February 2024, targeting software used by Russian forces to modify commercial DJI drones for combat operations. The attack disrupted critical infrastructure supporting drone operations, specifically disabling servers responsible for the "friend or foe" identification system. This breach rendered all associated software inaccessible to Russian operators, preventing them from configuring control panels, streaming video feeds to command posts, and controlling drones via computer interfaces. The loss of server access forced Russian forces to rely on manual control methods for drone operations, significantly degrading their tactical capabilities. Preliminary assessments indicated the cyberattack specifically impacted the Russian drone flashing project, a system essential for adapting commercial drones to military use. This incident followed a separate successful HUR cyber operation in January 2024 against the Far Eastern Scientific Research Centre of Space Hydrometeorology "Planet," a Russian state enterprise handling military satellite data processing.
The January 2024 attack on "Planet" involved cyber volunteers from the BO Team group, who destroyed 280 servers and erased approximately 2 petabytes (2 million gigabytes) of military satellite data. This data loss, valued at minimum $10 million, disrupted services to over 50 Russian state entities, primarily military units dependent on satellite-derived intelligence products. The "Planet" facility's role in receiving and processing space-based hydrometeorological data for military applications made it a strategic target. Ukrainian intelligence confirmed both operations as part of HUR's coordinated cyber campaign against Russian military infrastructure. No Russian containment measures or technical responses to either attack were detailed in available reporting. The cumulative impact included operational degradation of Russian drone warfare capabilities and substantial losses in military satellite data processing capacity, with no recovery timelines or restoration efforts disclosed.