Cyber Incident Victim: Ukroboronprom
Date: Oct 2022
Location: Ukraine
Summary
Following Russian missile strikes causing widespread power outages, Ukraine experienced significant internet and mobile communication disruptions, with connectivity dropping substantially and critical infrastructure damaged. Pro-Russian hackers launched DDoS attacks against a Ukrainian mobile bank during a military crowdfunding campaign, though donations continued successfully, while other hacktivist groups claimed breaches of websites including an armored vehicle producer's, though services were restored without major operational impact. Ukrainian cybersecurity officials assessed these cyberattacks as poorly coordinated, noting attackers often sought access before determining objectives, amid broader physical attacks targeting energy and telecommunications systems mitigated through backup generators and satellite internet.
Description
On October 10, 2022, Russian missile strikes targeting Ukrainian critical infrastructure caused widespread power outages, leading to significant disruptions in internet connectivity and mobile communications across the country. Cloudflare data indicated internet availability dropped 35% below normal levels by 07:30 UTC, with outages beginning around 06:15 UTC following explosions. Over 1,000 settlements lost power, creating what internet monitoring organization NetBlocks described as some of the most severe blackouts since Russia's full-scale invasion began. Ukrainian state officials reported partial or complete loss of mobile communications in multiple regions, prompting authorities to request citizens limit mobile and electricity usage to preserve damaged infrastructure. Telecommunications providers relied on backup generators and Starlink satellite systems to restore services, with Ukraine's Minister of Digital Transformation noting improved response capabilities developed since February 2022. The attacks involved 84 missiles and 24 drones, damaging energy facilities, residential buildings, schools, healthcare institutions, and cultural sites. Ukrainian cybersecurity officials had previously warned in September 2022 about anticipated Russian cyberattacks targeting energy systems to amplify physical strikes, referencing historical precedents including the 2015 BlackEnergy and 2016 Industroyer malware incidents that disrupted power supplies in Ivano-Frankivsk and Kyiv.

Concurrently, pro-Russian hacker groups launched cyber operations against Ukrainian entities. The mobile bank Monobank sustained a distributed denial-of-service (DDoS) attack peaking at 6 million requests per minute, which its co-founder linked to retaliation for a successful crowdfunding campaign that raised $5.7 million in eight hours for military drones. The Cyber Army group claimed responsibility for hacking websites belonging to the Lviv Chamber of Commerce and an unspecified Ukrainian armored vehicle producer, though both sites remained operational without confirmed compromise. Ukrainian cybersecurity authorities characterized these attacks as disorganized, noting Russian hackers typically sought initial access before determining objectives. The State Service of Special Communications and Information Protection emphasized that while critical infrastructure remained vulnerable to combined physical and digital attacks, no large-scale cyber incidents comparable to the 2015-2016 grid attacks had materialized despite prior intelligence warnings. Restoration efforts focused on physical infrastructure repair and maintaining communications resilience through decentralized solutions like Starlink.
