Russian Military Intelligence Agency (GRU) targets Ukrainian businesses and infrastructure with cyberattack
Between 2015 and 2017, officers from Russia’s Military Intelligence Agency (GRU) targeted key infrastructure and undisclosed businesses in Ukraine with Cyber Operations according to a report by the UK Government’s National Cyber Security Centre (NCSC).  NCSC experts assess that GRU officers mounted a ransomware attack against the Kyiv metro network and the Odessa airport using a version of ransomware called “Bad Rabbit.” Ransomware encrypts critical documents and coerces victims to pay for the decryption of their own sensitive materials. According to technology magazine the Verge, the attack even affected the safety control systems of the Chernobyl power station, forcing the facility to shift to manual operations. The attackers simultaneously stole confidential information from several unnamed Ukrainian businesses. The NCSC believes with “high confidence” that GRU officers were behind the attacks, and that the actors likely belonged to the same group as the suspects in the March 2018 Salisbury chemical attack. The NCSC report also provided evidence of three other Russian government Cyber Operations against targets in the United States, United Kingdom, and Canada between 2015 and 2017.

About This Incident

Threat Actors: Russia

Incident Metadata

Date: 2015 - 2017
Country: Ukraine