Cyber Incident Victim: Lviv Chamber of Commerce
Date:
Oct 2022
Location:
Ukraine
Summary
Pro-Russian hackers from the Cyber Army group claimed responsibility for compromising the websites of the Lviv Chamber of Commerce and a Ukrainian armored vehicle manufacturer, though both sites remained operational with no reported incidents. Ukrainian cybersecurity officials characterized these attacks as part of broader chaotic and poorly coordinated efforts by pro-Kremlin actors, who typically prioritize gaining access to systems before determining objectives. The incident coincided with widespread internet disruptions and DDoS attacks against Ukrainian infrastructure following missile strikes, though the Chamber of Commerce breach appeared limited in impact compared to other concurrent cyber operations targeting financial and energy systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 10, 2022, widespread Russian missile and drone strikes targeting Ukrainian critical infrastructure caused significant disruptions to internet connectivity and mobile communications across Ukraine. Cloudflare data recorded internet availability dropping 35% below normal levels by 07:30 UTC, with outages persisting into the following day. Over 1,000 settlements experienced power failures, forcing telecommunications providers to rely on backup generators and Starlink satellite systems to maintain services. Ukrainian authorities urged citizens to conserve mobile data and electricity due to infrastructure damage from 84 missiles and 24 drones. These physical attacks coincided with cyber operations: Pro-Russian hackers launched a distributed denial-of-service (DDoS) attack against Monobank, Ukraine’s mobile banking platform, flooding it with 6 million requests per minute. The attack occurred during a crowdfunding campaign for military drones but failed to disrupt donations, which reached $5.7 million within eight hours. No group claimed responsibility for this DDoS operation.
Simultaneously, the pro-Russian Cyber Army group claimed responsibility for compromising websites belonging to the Lviv Chamber of Commerce and an unspecified Ukrainian armored vehicle manufacturer via a Telegram announcement on October 10. Both organizations’ websites remained operational post-attack, with no official incident reports filed. Ukrainian cybersecurity officials characterized these and other pro-Kremlin cyber operations as disorganized, noting attackers often gained system access before determining objectives. The State Service of Special Communications highlighted Russia’s historical targeting of Ukrainian energy infrastructure through malware like BlackEnergy (2015) and Industroyer (2016), though no comparable cyber-physical attacks materialized during this incident. Defense Intelligence had warned in September 2022 of anticipated Russian cyber campaigns against energy systems to amplify missile strike impacts, but physical infrastructure damage remained the primary disruption vector during this event.