Cyber Incident Victim: Russian Federation
Date: Aug 2024
Location: Russia
Summary
Ukrainian hackers conducted cyberattacks targeting internet providers, military-industrial facilities, and digital services, disrupting connectivity for major telecom operators and technology companies. The incidents blocked dozens of industrial platforms supporting military operations, destroyed cloud storage, and caused temporary outages for messaging applications. Affected entities included providers of critical infrastructure components like aircraft parts and ballistic protection, with pro-Ukrainian messages displayed on compromised systems. Previous operations had similarly impacted financial services and communication networks in occupied territories.
Description
On August 21, 2024, a cyberattack disrupted messaging services across Russia, causing widespread outages of WhatsApp and Telegram. Russia’s state media oversight agency, Roskomnadzor, reported the incident began around 14:00 local time, characterizing it as a "large-scale disruption" affecting both platforms. The agency’s Center for Monitoring and Control of Public Communication Networks detected the operational failures but did not specify the duration or technical scope of the outage. While Roskomnadzor attributed the disruption to a distributed denial-of-service (DDoS) attack, no entity claimed responsibility, and the article did not identify mitigation measures or restoration timelines. This incident preceded a more extensive cyber campaign against Russian infrastructure three days later.

On August 24, Ukrainian hackers affiliated with the Defense Intelligence of Ukraine (HUR) executed a coordinated cyberattack targeting Russian internet providers and military-industrial entities. The operation compromised at least 33 servers and 283 office computers across industrial facilities, disrupting 21 websites and destroying 15 cloud and file storage systems. Affected providers included Rostelecom, MTC, and Beeline, with users reporting connectivity issues at Yandex and its services. Hackers infiltrated factories producing aircraft components, ballistic protection gear, and equipment for Russian law enforcement, alongside hosting providers and diesel power plant manufacturers. Pro-Ukrainian messages were displayed on defaced platforms. The attack also disabled dozens of services supporting Russia’s military-industrial complex, including Mail.ru, a major internet portal. This followed prior HUR operations: a late June cyberattack severed communications for 250,000 users in occupied Crimea and Russian-controlled territories, described by providers as their "most powerful DDoS attack," and a July breach of Russian banks that blocked ATM withdrawals and triggered card suspensions. Russian providers acknowledged infrastructure damage but did not disclose remediation efforts.
