Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of

disinformation Disinformation is false information deliberately spread to deceive people. It is sometimes confused with misinformation, which is false information but is not deliberate. The English word ''disinformation'' comes from the application of the L ...

and propaganda, participation of state-sponsored teams in political blogs, internet

surveillance Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing. This can include observation from a distance by means of electronic equipment, such as c ...

using

SORM The System for Operative Investigative Activities (SORM; russian: Система оперативно-разыскных мероприятий) is the technical specification for lawful interception interfaces of telecommunications and telephone n ...

technology, persecution of cyber-dissidents and other

active measures Active measures (russian: активные мероприятия, translit=aktivnye meropriyatiya) is political warfare conducted by the Soviet or Russian government since the 1920s. It includes offensive programs such as espionage, propaganda ...

. According to investigative journalist

Andrei Soldatov Andrei Alekseyevich Soldatov (russian: Андрей Алексеевич Солдатов, born 4 October 1975 in Moscow, Russia) is a Russian investigative journalist and Russian security services expert. Together with fellow journalist Irina B ...

, some of these activities were coordinated by the Russian

signals intelligence Signals intelligence (SIGINT) is intelligence-gathering by interception of ''signals'', whether communications between people (communications intelligence—abbreviated to COMINT) or from electronic signals not directly used in communication ( ...

, which was part of the FSB and formerly a part of the 16th

KGB The KGB (russian: links=no, lit=Committee for State Security, Комитет государственной безопасности (КГБ), a=ru-KGB.ogg, p=kəmʲɪˈtʲet ɡəsʊˈdarstvʲɪn(ː)əj bʲɪzɐˈpasnəsʲtʲɪ, Komitet gosud ...

department.State control over the internet
, a talk show by

Yevgenia Albats Yevgenia Markovna Albats (russian: Евге́ния Ма́рковна Альба́ц, born 5 September 1958Echo of Moscow Echo of Moscow (russian: links=no, Эхо Москвы, translit=Ekho Moskvy) was a 24/7 commercial Russian radio station based in Moscow. It broadcast in many Russian cities, some of the former Soviet republics (through partnerships with local ra ...

, 22 January 2006; interview with

and others An analysis by the

Defense Intelligence Agency The Defense Intelligence Agency (DIA) is an intelligence agency and combat support agency of the United States Department of Defense, specializing in defense and military intelligence. A component of the Department of Defense (DoD) and the I ...

in 2017 outlines Russia's view of "Information Countermeasures" or IPb (''informatsionnoye protivoborstvo'') as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Online presence

US journalist

Pete Earley Pete Earley (born September 5, 1951) is an American journalist and author who has written non-fiction books and novels. Career Born in Douglas, Arizona, Earley became a ''Washington Post'' reporter and also wrote books about the Aldrich Ames ...

described his interviews with former senior

Russian intelligence The Foreign Intelligence Service of the Russian Federation ( rus, Служба внешней разведки Российской Федерации, r=Sluzhba vneshney razvedki Rossiyskoy Federatsii , p=ˈsluʐbə ˈvnʲɛʂnʲɪj rɐˈzvʲɛ ...

officer Sergei Tretyakov, who defected to the

United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...

in 2000: Tretyakov did not specify the targeted web sites, but made clear they selected the sites which are most convenient for distributing the specific information. According to him, during his work in

New York City New York, often called New York City or NYC, is the List of United States cities by population, most populous city in the United States. With a 2020 population of 8,804,190 distributed over , New York City is also the L ...

in the end of the 1990s, one of the most frequent subjects was the War in Chechnya. According to a publication in Russian computer weekly ''

Computerra ''Computerra'' (russian: Компьюте́рра) was a Russian computer weekly publication. The first edition was released on December 21, 1992 and was published by C&C Computer Publishing Limited (Computerra Publishing House). Later, it received ...

'', "just because it became known that anonymous editors are editing articles in

English Wikipedia The English Wikipedia is, along with the Simple English Wikipedia, one of two English-language editions of Wikipedia, an online encyclopedia. It was founded on January 15, 2001, as Wikipedia's first edition, and, as of , has the most arti ...

in the interests of UK and US intelligence and security services, it is also likely that Russian security services are involved in editing Russian Wikipedia, but this is not even interesting to prove it — because everyone knows that security bodies have a special place in the structure of our ussianstate"

Cyberattacks

It has been claimed that Russian security services organized a number of denial of service attacks as a part of their cyber-warfare against other countries, such as the 2007 cyberattacks on Estonia and the 2008 cyberattacks on Russia, South Ossetia, Georgia, and Azerbaijan. One identified young Russian hacker said that he was paid by Russian state security services to lead hacking attacks on

NATO The North Atlantic Treaty Organization (NATO, ; french: Organisation du traité de l'Atlantique nord, ), also called the North Atlantic Alliance, is an intergovernmental military alliance between 30 member states – 28 European and two No ...

computers. He was studying

computer sciences Computer science is the study of computation, automation, and information. Computer science spans theoretical disciplines (such as algorithms, theory of computation, information theory, and automation) to practical disciplines (including ...

at the Department of the Defense of Information. His tuition was paid for by the FSB.

Estonia

In April 2007, following a diplomatic row with Russia over a Soviet war memorial, Estonia was targeted by a series of cyberattacks on financial, media, and government websites which were taken down by an enormous volume of spam being transmitted by

botnets A botnet is a group of Internet-connected devices, each of which runs one or more Internet bot, bots. Botnets can be used to perform distributed denial-of-service attack, Distributed Denial-of-Service (DDoS) attacks, steal data, send Spamming, s ...

in what is called a

distributed denial-of-service attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connec ...

. Online banking was made inaccessible, government employees were suddenly unable to communicate via e-mail, and media outlets could not distribute news. The attacks reportedly came from Russian IP addresses, online instructions were in Russian, and Estonian officials traced the systems controlling the cyberattacks back to Russia. However, some experts held doubts that the attacks were carried out by the Russian government itself. A year after the attack

founded the

Cooperative Cyber Defence Centre of Excellence NATO CCD COE, officially the NATO Cooperative Cyber Defence Centre of Excellence ( et, italic=yes, K5 or ''NATO küberkaitsekoostöö keskus''), is one of NATO Centres of Excellence, located in Tallinn, Estonia. The centre was established on 14 ...

Tallinn Tallinn () is the most populous and capital city of Estonia. Situated on a bay in north Estonia, on the shore of the Gulf of Finland of the Baltic Sea, Tallinn has a population of 437,811 (as of 2022) and administratively lies in the Harju ' ...

as a direct consequence of the attacks. In response to the

2022 Russian invasion of Ukraine On 24 February 2022, in a major escalation of the Russo-Ukrainian War, which began in 2014. The invasion has resulted in tens of thousands of deaths on both sides. It has caused Europe's largest refugee crisis since World War II. An ...

, Estonia has removed a Soviet-era tank monument near Narva. After its removal, Estonia was subject to "the most extensive cyberattack" since the 2007 cyberattacks.

France

In 2015, the

Paris Paris () is the capital and most populous city of France, with an estimated population of 2,165,423 residents in 2019 in an area of more than 105 km² (41 sq mi), making it the 30th most densely populated city in the world in 2020. S ...

-based French broadcasting service

TV5Monde TV5Monde (), formerly known as TV5, is a French public television network, broadcasting several channels of French-language programming. It is an approved participant member of the European Broadcasting Union. The network is available across ...

was attacked by hackers who used malicious software to attack and destroy the network's systems and take all twelve of its channels off the air. The attack was initially claimed by a group calling themselves the "Cyber Caliphate" however a more in-depth investigation by French authorities revealed the attack on the network had links to APT28, a

GRU The Main Directorate of the General Staff of the Armed Forces of the Russian Federation, rus, Гла́вное управле́ние Генера́льного шта́ба Вооружённых сил Росси́йской Федера́ци ...

-affiliated hacker group. In May 2017, on the eve of the French presidential election, more than 20,000 e-mails belonging to the campaign of

Emmanuel Macron Emmanuel Macron (; born 21 December 1977) is a French politician who has served as President of France since 2017. ''Ex officio'', he is also one of the two Co-Princes of Andorra. Prior to his presidency, Macron served as Minister of Econ ...

were dumped on an anonymous file-sharing website, shortly after the campaign announced they had been hacked. Word of the leak spread rapidly through the Internet, facilitated by bots and spam accounts. An analysis by Flashpoint, an American cybersecurity firm, determined with "moderate confidence" that APT28 was the group behind the hacking and subsequent leak. In February 2021 the

Agence nationale de la sécurité des systèmes d'information The ''Agence nationale de la sécurité des systèmes d'information'' (ANSSI; English: French National Agency for the Security of Information Systems) is a French service created on 7 July 2009 with responsibility for computer security.Sandworm between late 2017 and 2020 by hacking French software company Centreon to deploy malware. Similar to the

2020 United States federal government data breach In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of ...

. The ANSSI said the breach "mostly affected information technology providers, especially web hosting providers." Russia has denied being behind the cyberattack. Centreon said in a statement that it "has taken note of the information" but disputed that the breach was linked to a vulnerability in their commercial software.

Georgia

On 20 July 2008, the website of the Georgian president,

Mikheil Saakashvili Mikheil Saakashvili ( ka, მიხეილ სააკაშვილი ; uk, Міхеіл Саакашвілі ; born 21 December 1967) is a Georgian and Ukrainian politician and jurist.

, was rendered inoperable for twenty-four hours by a series of denial of service attacks. Shortly after, the website of the

National Bank of Georgia The National Bank of Georgia ( ka, საქართველოს ეროვნული ბანკი, ''Sakartvelos Erovnuli Bank’i'') is the central bank of Georgia. Its status is defined by the Constitution of Georgia. According t ...

and the parliament were attacked by hackers who plastered images of Mikheil Saakashvili and former Nazi leader

Adolf Hitler Adolf Hitler (; 20 April 188930 April 1945) was an Austrian-born German politician who was dictator of Nazi Germany, Germany from 1933 until Death of Adolf Hitler, his death in 1945. Adolf Hitler's rise to power, He rose to power as the le ...

. During the war, many Georgian government servers were attacked and brought down, reportedly hindering communication and the dissemination of crucial information. According to technical experts, this is the first recorded instance in history of cyberattacks coinciding with an armed conflict. An independent US-based research institut
US Cyber Consequences Unit
report stated the attacks had "little or no direct involvement from the Russian government or military". According to the institute's conclusions, some several attacks originated from the PCs of multiple users located in Russia,

Ukraine Ukraine ( uk, Україна, Ukraïna, ) is a country in Eastern Europe. It is the second-largest European country after Russia, which it borders to the east and northeast. Ukraine covers approximately . Prior to the ongoing Russian inv ...

and

Latvia Latvia ( or ; lv, Latvija ; ltg, Latveja; liv, Leţmō), officially the Republic of Latvia ( lv, Latvijas Republika, links=no, ltg, Latvejas Republika, links=no, liv, Leţmō Vabāmō, links=no), is a country in the Baltic region of ...

. These users were willingly participating in cyberwarfare, being supporters of Russia during the

2008 South Ossetia war The 2008 Russo-Georgian WarThe war is known by a variety of other names, including Five-Day War, August War and Russian invasion of Georgia. was a war between Georgia, on one side, and Russia and the Russian-backed self-proclaimed republics of Sou ...

, while some other attacks also used botnets.

Germany

In 2015, a high-ranking security official stated that it was "highly plausible" that a cybertheft of files from the

German Parliamentary Committee investigating the NSA spying scandal The German Parliamentary Committee investigation of the NSA spying scandal (official title: ''1. Untersuchungsausschuss „NSA“'') was started on March 20, 2014, by the German Parliament in order to investigate the extent and background of fore ...

, later published by

WikiLeaks WikiLeaks () is an international Nonprofit organization, non-profit organisation that published news leaks and classified media provided by anonymous Source (journalism), sources. Julian Assange, an Australian Internet activism, Internet acti ...

, was conducted by Russian hackers. In late 2016,

Bruno Kahl Bruno Guntram Wilhelm Kahl (born 12 July 1962 in Essen, West Germany) is a German civil servant and administrative lawyer. Since 1 July 2016, he has been President of the Federal Intelligence Service (''Bundesnachrichtendienst''). Early life and ...

, president of the

Bundesnachrichtendienst The Federal Intelligence Service (German: ; , BND) is the foreign intelligence agency of Germany, directly subordinate to the Chancellor's Office. The BND headquarters is located in central Berlin and is the world's largest intelligence head ...

warned of data breaches and misinformation-campaigns steered by Russia. According to Kahl, there are insights that cyberattacks occur with no other purpose than to create political uncertainty. ''

Süddeutsche Zeitung The ''Süddeutsche Zeitung'' (; ), published in Munich, Bavaria, is one of the largest daily newspapers in Germany. The tone of SZ is mainly described as centre-left, liberal, social-liberal, progressive-liberal, and social-democrat. History ...

'' reported in February 2017 that a year-long probe by German intelligence "found no concrete proof of ussiandisinformation campaigns targeting the government". By 2020 however German investigators had collected enough evidence to identify one suspect.

Hans-Georg Maaßen Hans-Georg Maaßen (born 24 November 1962) is a German civil servant and lawyer. From 1 August 2012 to 8 November 2018, he served as the President of the Federal Office for the Protection of the Constitution, Germany's domestic security agency ...

, head of the country's

Federal Office for the Protection of the Constitution The Federal Office for the Protection of the Constitution (german: Bundesamt für Verfassungsschutz or BfV, often ''Bundesverfassungsschutz'') is Germany's federal domestic intelligence agency. Together with the Landesämter für Verfassungss ...

, noted "growing evidence of attempts to influence the

ext Ext, ext or EXT may refer to: * Ext functor, used in the mathematical field of homological algebra * Ext (JavaScript library), a programming library used to build interactive web applications * Exeter Airport (IATA airport code), in Devon, England ...

federal election" in September 2017 and "increasingly aggressive cyber espionage" against political entities in Germany. ''

The New York Times ''The New York Times'' (''the Times'', ''NYT'', or the Gray Lady) is a daily newspaper based in New York City with a worldwide readership reported in 2020 to comprise a declining 840,000 paid print subscribers, and a growing 6 million paid ...

'' reported on 21 September 2017, three days before the German federal election, that there was little to suggest any Russian interference in the election. In 2021 the European Commission has accused Russia of trying to interfere in European democratic processes just days before the parliamentary election on September 26 in Germany.

Kyrgyzstan

Beginning in mid-January 2009, Kyrgyzstan's two main

ISP An Internet service provider (ISP) is an organization that provides services for accessing, using, or participating in the Internet. ISPs can be organized in various forms, such as commercial, community-owned, non-profit, or otherwise private ...

s came under a large-scale DDoS attack, shutting down websites and e-mail within the country, effectively taking the nation offline. The attacks came at a time when the country's president,

Kurmanbek Bakiyev Kurmanbek Saliyevich Bakiyev (, ''Kurmanbek Saliyevich (Sali Uulu) Bakiyev''; born 1 August 1949) is a Kyrgyz politician who served as the second President of Kyrgyzstan, from 2005 to 2010. Large opposition protests in April 2010 led to the tak ...

, was being pressured by both domestic actors and Russia to close a U.S. air base in Kyrgyzstan. ''

The Wall Street Journal ''The Wall Street Journal'' is an American business-focused, international daily newspaper based in New York City, with international editions also available in Chinese and Japanese. The ''Journal'', along with its Asian editions, is published ...

'' reported the attacks had been carried out by a Russian "cyber-militia".

Poland

A three-year pro-Russian disinformation campaign on

Facebook Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dustin M ...

with an audience of 4.5 million Poles was discovered in early 2019 by

OKO.press OKO.press is a Polish investigative journalism website created on 15 June 2016. The name is a word play on ''oko'', Polish for ''eye'', and an abbreviation for "Ośrodek Kontroli Obywatelskiej" (''Centre for Civic Control''). OKO.press is funde ...

and

Avaaz Avaaz is a U.S.-based nonprofit organization launched in January 2007 that promotes global activism on issues such as climate change, human rights, animal rights, corruption, poverty, and conflict. In 2012, ''The Guardian'' referred to Avaaz as ...

. The campaign published fake news and supported three Polish pro-Russian politicians and their websites:

Adam Andruszkiewicz Adam Andruszkiewicz (born 30 June 1990 in Grajewo) is a far-right Polish politician, who has been the President of the All-Polish Youth (Polish: Młodzież Wszechpolska) from 2015 to 2016, Member of the Polish Parliament (Polish: Sejm) of the V ...

, former leader of the ultra-nationalist and neo-fascist

All-Polish Youth The All-Polish Youth ( pl, Młodzież Wszechpolska) refers to two inter-linked Polish far-right ultranationalist youth organizations, with a Catholic-nationalist philosophy. Its agenda declares that its aim is "''to raise Polish youth in a Cath ...

and, , Secretary of State in the Polish Ministry of Digitisation;

Janusz Korwin-Mikke Janusz Ryszard Korwin-Mikke (; born 27 October 1942), also known by his initials JKM or simply as Korwin, is a Polish far-right politician, paleolibertarian and author. He was a member of the European Parliament from 2014 until 2018. He was the ...

; and

Leszek Miller Leszek Cezary Miller (Polish pronunciation: ; born 3 July 1946) is a Polish politician. He has served as a Member of the European Parliament (MEP) since July 2019. From 1989 to 1990 was a member of the Politburo of the Polish United Workers' P ...

, an active member of the

Polish United Workers' Party The Polish United Workers' Party ( pl, Polska Zjednoczona Partia Robotnicza; ), commonly abbreviated to PZPR, was the communist party which ruled the Polish People's Republic as a one-party state from 1948 to 1989. The PZPR had led two other lega ...

during the communist epoch and a prime minister of Poland during the post-communist epoch. Facebook responded to the analysis by removing some of the web pages.

Romania

Between late April and early May 2022, in the midst of the

, multiple Romanian government, military, bank and mass media websites were taken down after a series of DDoS attacks, behind which was a pro-

Kremlin The Kremlin ( rus, Московский Кремль, r=Moskovskiy Kreml', p=ˈmɐˈskofskʲɪj krʲemlʲ, t=Moscow Kremlin) is a fortified complex in the center of Moscow founded by the Rurik dynasty, Rurik dynasty. It is the best known of th ...

hacking group,

Killnet Killnet is a pro-Russia hacker group known for its DoS (denial of service) and DDoS (distributed denial of service) attacks towards government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine. Th ...

. The hacking group described the cyberattacks to be a response to a statement made by then-

Senate president President of the Senate is a title often given to the presiding officer of a senate. It corresponds to the speaker in some other assemblies. The senate president often ranks high in a jurisdiction's succession for its top executive office: for ex ...

Florin Cîțu Florin Vasile Cîțu (; born 1 April 1972) is a Romanian politician who served as Prime Minister of Romania between December 2020 and November 2021 (acting (law), acting/ad interim between October and November 2021). Between September 2021 and A ...

that

Romania Romania ( ; ro, România ) is a country located at the crossroads of Central Europe, Central, Eastern Europe, Eastern, and Southeast Europe, Southeastern Europe. It borders Bulgaria to the south, Ukraine to the north, Hungary to the west, S ...

would provide

with military equipment.

South Korea

According to two

intelligence officials that talked to ''

The Washington Post ''The Washington Post'' (also known as the ''Post'' and, informally, ''WaPo'') is an American daily newspaper published in Washington, D.C. It is the most widely circulated newspaper within the Washington metropolitan area and has a large nati ...

'', and also the findings of cybersecurity analyst Michael Matonis,

Russia Russia (, , ), or the Russian Federation, is a List of transcontinental countries, transcontinental country spanning Eastern Europe and North Asia, Northern Asia. It is the List of countries and dependencies by area, largest country in the ...

is likely behind the cyber attacks against the

2018 Winter Olympics , nations = 93 , athletes = 2,922 (1,680 men and 1,242 women) , events = 102 in 7 sports (15 disciplines) , opening = , closing = , opened_by = President Moon Jae-in , cauldron = Kim Yun-a , stadium = Pyeongchang Olympic Stadium , winte ...

South Korea South Korea, officially the Republic of Korea (ROK), is a country in East Asia, constituting the southern part of the Korea, Korean Peninsula and sharing a Korean Demilitarized Zone, land border with North Korea. Its western border is formed ...

. The worm responsible for these cyber attacks is known as "Olympic Destroyer". The worm targeted all Olympic IT infrastructure, and succeeded in taking down WiFi, feeds to jumbotrons, ticketing systems, and other Olympic systems. It was timed to go off at the start of the opening ceremonies. It was unique in that the hackers attempted to use many false signatures to blame other countries such as

North Korea North Korea, officially the Democratic People's Republic of Korea (DPRK), is a country in East Asia. It constitutes the northern half of the Korea, Korean Peninsula and shares borders with China and Russia to the north, at the Yalu River, Y ...

and

China China, officially the People's Republic of China (PRC), is a country in East Asia. It is the world's most populous country, with a population exceeding 1.4 billion, slightly ahead of India. China spans the equivalent of five time zones and ...

Ukraine

In March 2014, a Russian cyber weapon called Snake or "Ouroboros" was reported to have created havoc on Ukrainian government systems. The Snake tool kit began spreading into Ukrainian computer systems in 2010. It performed Computer Network Exploitation (CNE), as well as highly sophisticated Computer Network Attacks (CNA). From 2014 to 2016, according to

CrowdStrike CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides cloud workload and endpoint security, threat intelligence, and cyberattack response services. The company has been involved in inves ...

, the Russian APT Fancy Bear used Android

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...

to target the Ukrainian Army's Rocket Forces and Artillery. They distributed an infected version of an Android app whose original purpose was to control targeting data for the D-30 Howitzer artillery. The app, used by Ukrainian officers, was loaded with the X-Agent spyware and posted online on military forums. CrowdStrike claims the attack was successful, with more than 80% of Ukrainian D-30 Howitzers destroyed, the highest percentage loss of any artillery pieces in the army (a percentage that had never been previously reported and would mean the loss of nearly the entire arsenal of the biggest artillery piece of the

Ukrainian Armed Forces , imports = , exports = , history = , ranks = Military ranks of Ukraine , country=Ukraine The Armed Forces of Ukraine ( uk, Збро́йні си́ли Украї́ни), most commonly known ...

.). According to the

Ukrainian army The Ukrainian Ground Forces ( uk, Сухопу́тні військá Збрóйних сил Украї́ни), also known as the Ukrainian Army, are the land forces of Ukraine and one of the five branches of the Armed Forces of Ukraine. They we ...

, this number is incorrect and that losses in artillery weapons "were way below those reported" and that these losses "have nothing to do with the stated cause". The U.S. government concluded after a study that a cyber attack caused a power outage in Ukraine which left more than 200,000 people temporarily without power. The Russian hacking group Sandworm or the Russian government were possibly behind the malware attack on the Ukrainian power grid as well as a mining company and a large railway operator in December 2015. A similar attack occurred in December 2016. In February 2021 Ukraine accused Russia of attacking the System of Electronic Interaction of Executive Bodies a web portal used by the Ukrainian government to circulate documents by uploaded documents that contained macroscripts which if downloaded and enabled would lead to the computer to secretly download

that would allow hackers to take over a computer. In January 2022, a cyberattack on Ukraine took down the website of the Ministry of Foreign Affairs and other government agencies. Although an investigation has not been conclusive the cyber attacks coincide with the Russo-Ukrainian crisis. In February 2022, before and after Russian troops entered eastern Ukraine amid an environment of escalating tensions between Ukraine and Russia, several major Ukrainian governmental and business websites were taken down by a series of cyberattacks. U.S. officials attributed the attacks to Russian attackers, although the Russian government denied involvement.

2014 Ukrainian presidential election

Pro-Russian hackers launched a series of cyberattacks over several days to disrupt the May 2014

Ukrainian presidential election Ukrainian presidential elections determine who will serve as the President of Ukraine for the next five years. Since the establishment of the position of the President of Ukraine in 1991, the presidential elections have taken place seven times: i ...

, releasing hacked emails, attempting to alter vote tallies, and delaying the final result with distributed denial-of-service (DDOS) attacks. Malware that would have displayed a graphic declaring far-right candidate

Dmytro Yarosh Dmytro Anatoliyovych Yarosh ( uk, Дмитро Анатолійович Я́рош; born 30 September 1971) is a Ukrainian activist, politician, nationalist and military commander who is the main commander of the Right Sector's Ukrainian Volu ...

the electoral winner was removed from Ukraine's Central Election Commission less than an hour before polls closed. Despite this,

Channel One Russia Channel One ( rus, Первый канал, r=Pervyy kanal, p=ˈpʲervɨj kɐˈnal, t=First Channel) is a Russian state-controlled television channel. It is the first television channel to broadcast in the Russian Federation. Its headquarters ...

"reported that Mr. Yarosh had won and broadcast the fake graphic, citing the election commission's website, even though it had never appeared there." According to Peter Ordeshook: "These faked results were geared for a specific audience in order to feed the Russian narrative that has claimed from the start that ultra-nationalists and

Nazis Nazism ( ; german: Nazismus), the common name in English for National Socialism (german: Nationalsozialismus, ), is the far-right totalitarian political ideology and practices associated with Adolf Hitler and the Nazi Party (NSDAP) in Na ...

were behind the revolution in Ukraine."

United Kingdom "Brexit" referendum

In the run up to the referendum on the United Kingdom exiting the

European Union The European Union (EU) is a supranational political and economic union of member states that are located primarily in Europe. The union has a total area of and an estimated total population of about 447million. The EU has often been des ...

Brexit Brexit (; a portmanteau of "British exit") was the withdrawal of the United Kingdom (UK) from the European Union (EU) at 23:00 GMT on 31 January 2020 (00:00 1 February 2020 CET).The UK also left the European Atomic Energy Community (EAEC or ...

"), Prime Minister

David Cameron David William Donald Cameron (born 9 October 1966) is a British former politician who served as Prime Minister of the United Kingdom from 2010 to 2016 and Leader of the Conservative Party from 2005 to 2016. He previously served as Leader o ...

suggested that Russia "might be happy" with a positive Brexit vote, while the Remain campaign accused the

of secretly backing a positive Brexit vote. In December 2016, Ben Bradshaw MP claimed in Parliament that Russia had interfered in the Brexit referendum campaign. In February 2017, Bradshaw called on the British intelligence service,

Government Communications Headquarters Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the Un ...

, then under

Boris Johnson Alexander Boris de Pfeffel Johnson (; born 19 June 1964) is a British politician, writer and journalist who served as Prime Minister of the United Kingdom and Leader of the Conservative Party from 2019 to 2022. He previously served as F ...

as Foreign Secretary, to reveal the information it had on Russian interference. In April 2017, the

House of Commons The House of Commons is the name for the elected lower house of the bicameral parliaments of the United Kingdom and Canada. In both of these countries, the Commons holds much more legislative power than the nominally upper house of parliament. ...

Public Administration and Constitutional Affairs Select Committee The Public Administration and Constitutional Affairs Select Committee, formerly the Public Administration Select Committee, is a select committee appointed by the British House of Commons to examine the reports of the Parliamentary and Health Se ...

issued a report stating, in regard to the June 2016 collapse of the government's voter registration website less than two hours prior to the originally scheduled registration deadline (which was then extended), that "the crash had indications of being a DDOS 'attack.'" The report also stated that there was "no direct evidence" supporting "these allegations about foreign interference." A

Cabinet Office The Cabinet Office is a department of His Majesty's Government responsible for supporting the prime minister and Cabinet. It is composed of various units that support Cabinet committees and which co-ordinate the delivery of government objecti ...

spokeswoman responded to the report: "We have been very clear about the cause of the website outage in June 2016. It was due to a spike in users just before the registration deadline. There is no evidence to suggest malign intervention." In June 2017, it was reported by ''

The Guardian ''The Guardian'' is a British daily newspaper. It was founded in 1821 as ''The Manchester Guardian'', and changed its name in 1959. Along with its sister papers ''The Observer'' and ''The Guardian Weekly'', ''The Guardian'' is part of the Gu ...

'' that "Leave" campaigner

Nigel Farage Nigel Paul Farage (; born 3 April 1964) is a British broadcaster and former politician who was List of UK Independence Party leaders, Leader of the UK Independence Party (UKIP) from 2006 to 2009 and 2010 to 2016 and Brexit Party#Leaders, Lea ...

was a "person of interest" in the United States

Federal Bureau of Investigation The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, ...

into Russian interference in the United States 2016 Presidential election. In October 2017, Members of Parliament in the

Culture, Media and Sport Committee The Digital, Culture, Media and Sport Select Committee, formerly the Culture, Media and Sport Select Committee, is one of the select committees of the British House of Commons, established in 1997. It oversees the operations of the Department fo ...

demanded that Facebook, Twitter, Google and other social media corporations, to disclose all adverts and details of payments by Russia in the Brexit campaign.

United States

In 1999,

Moonlight Maze Moonlight Maze was a 1999 US government investigation into a massive data breach of classified information. It started in 1996 and affected NASA, the Pentagon, military contractors, civilian academics, the DOE, and numerous other American governme ...

was the US investigation of a 1996-1999 Russian cyberattack against NASA, the Pentagon, the US military, civilian academics and government agencies. The cyberattack was attributed to Russian-state-sponsored hackers. The 2008 cyberattack on the United States was connected to Russian language threat actors. In April 2015,

CNN CNN (Cable News Network) is a multinational cable news channel headquartered in Atlanta, Georgia, U.S. Founded in 1980 by American media proprietor Ted Turner and Reese Schonfeld as a 24-hour cable news channel, and presently owned by ...

reported that "Russian hackers" had "penetrated sensitive parts of the White House" computers in "recent months." It was said that the FBI, the Secret Service, and other U.S. intelligence agencies categorized the attacks as "among the most sophisticated attacks ever launched against U.S. government systems." In 2015, CNN reported that Russian hackers, likely working for the Russian government, are suspected in the State Department hack. Federal law enforcement, intelligence and congressional officials briefed on the investigation say the hack of the State Department email system is the "worst ever" cyberattack intrusion against a federal agency. In February 2016, senior

advisor and top Russian cyber official Andrey Krutskikh told the Russian national security conference in Moscow that Russia was working on new strategies for the "information arena" that was equivalent to testing a

nuclear bomb A nuclear weapon is an explosive device that derives its destructive force from nuclear reactions, either fission (fission bomb) or a combination of fission and fusion reactions (thermonuclear bomb), producing a nuclear explosion. Both bomb ...

and would "allow us to talk to the Americans as equals". In 2016, the release of hacked emails belonging to the

Democratic National Committee The Democratic National Committee (DNC) is the governing body of the United States Democratic Party. The committee coordinates strategy to support Democratic Party candidates throughout the country for local, state, and national office, as well a ...

John Podesta John David Podesta Jr. (born January 8, 1949) is an American political consultant who has served as Senior Advisor to President Joe Biden for clean energy innovation and implementation since September 2022. Podesta previously served as White ...

, and

Colin Powell Colin Luther Powell ( ; April 5, 1937 – October 18, 2021) was an American politician, statesman, diplomat, and United States Army officer who served as the 65th United States Secretary of State from 2001 to 2005. He was the first African ...

, among others, through

DCLeaks DCLeaks (also known as DC Leaks) was a website that was established in June 2016. It was responsible for publishing leaks of emails belonging to multiple prominent figures in the United States government and military. Cybersecurity research firms d ...

and

was said by private sector analysts and US intelligence services to have been of Russian origin. Also, in December 2016, Republicans and Democrats on the Senate Committee on Armed Services called for "a special select committee to investigate Russian attempts to influence the presidential election". In 2018, the United States

Computer Emergency Response Team A computer emergency response team (CERT) is an expert group that handles computer security incidents. Alternative names for such groups include computer emergency readiness team and computer security incident response team (CSIRT). A more modern ...

released an alert warning that the Russian government was executing "a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities' networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks." It further noted that " ter obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems." The hacks targeted at least a dozen U.S. power plants, in addition to water processing, aviation, and government facilities. In June 2019, the ''New York Times'' reported that hackers from the

United States Cyber Command United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integra ...

planted malware potentially capable of disrupting the Russian electrical grid. According to ''

Wired ''Wired'' (stylized as ''WIRED'') is a monthly American magazine, published in print and online editions, that focuses on how emerging technologies affect culture, the economy, and politics. Owned by Condé Nast, it is headquartered in San Fra ...

'' senior writer

Andy Greenberg Andy Greenberg is a technology journalist serving as a senior writer at ''Wired'' magazine. He previously worked as a staff writer at ''Forbes'' magazine and as a contributor for Forbes.com. He has published the books '' This Machine Kills Secrets ...

, "The Kremlin warned that the intrusions could escalate into a cyberwar between the two countries." Over several months in 2020, a group known as APT29 or

Cozy Bear Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security ...

, working for Russia's Foreign Intelligence Service, breached a top cybersecurity firm and multiple U.S. government agencies including the Treasury, Commerce, and Energy departments and the National Nuclear Security Administration. The hacks occurred through a network management system called SolarWinds Orion. The U.S. government had an emergency meeting on 12 December 2020, and the press reported the hack the next day. When Russia's Foreign Intelligence Service performs such hacks, it is typically "for traditional espionage purposes, stealing information that might help the Kremlin understand the plans and motives of politicians and policymakers," according to ''The Washington Post,'' and not for the purpose of leaking information to the public. In February 2021 a report by Dragos stated that Sandworm has been targeting US electric utilities, oil and gas, and other industrial firms since at least 2017 and were successful in breaching these firms a "handful" of times. In May 2021, the

Colonial Pipeline ransomware attack On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized e ...

was perpetrated by Russian language hacking group DarkSide. It was the largest cyberattack on an energy infrastructure target in US history. Colonial Pipeline temporarily halted the operations of the pipeline due to the ransomware attack. The Department of Justice recovered the bitcoin ransom from the hackers.

Venezuela

After the news website Runrun.es published a report on extrajudicial killings by the

Bolivarian National Police The Policía Nacional Bolivariana ( es, Bolivarian National Police, PNB) is Venezuela's national police force, created in 2009. Law enforcement in Venezuela has historically been highly fragmented, and the creation of a national police force was ...

, on 25 May 2019, the Venezuelan chapter of the ''Instituto de Prensa y Sociedad'' (IPYS), pointed out that the website was out of service due to an uncached request attack, denouncing that it originated from Russia.

False alarms

On 30 December 2016, Burlington Electric Department, a Vermont utility company, announced that code associated with the Russian hacking operation dubbed Grizzly Steppe had been found in their computers. Officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence warned executives of the financial, utility and transportation industries about the malware code. The first report by ''The Washington Post'' left the impression that the grid had been penetrated, but the hacked computer was not attached to the grid. A later version attached this disclaimer to the top of its report correcting that impression: "Editor's Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid."