A Timeline of Russian Cyber-Exploits

We have been investigating Russian cyber-attacks this week.  Today we publish a timeline of Russian cyber-activities.  In the interest of space, I am publishing just the timeline with little descriptive content.  I have included a download link to a PDF and spreadsheet of the timeline with more detail, and links to sources.

Notice how these cyber attacks started out in 2004 as small, unsophisticated attacks against former soviet-bloc countries, done with as much secrecy and deniability as possible.  As the Russians gained experience, and learned that there would be few, if any consequences from the west, they became bolder and more daring.  They are at the point now where there is little concern from them about attribution and deniability, it is now just a part of there intelligence and military operations and foreign policy.

Timeline of Russian Cyber Attacks PDF, no links

Timeline of Russian Cyber Attacks XLSX, links to source

Date Attack Actor Actions
6/26/2004 Operation Pawn Storm Fancy Bear Espionage
1/1/2005 Turla aka Uroburos or Snake (2005 – 2014) Venomous Bear Political espionage and surveillance of western embassies
4/1/2007 Estonian DDoS April-May 2007 Russian Cyber-crime or Hacker Collective DDoS on Estonian financial institutions
6/1/2008 Lithuanian Web Site Defacement Russian Cyber-crime or Hacker Collective Web site defacement
8/1/2008 Georgian Internet Shut Down Russian Cyber-crime or Hacker Collective DDoS againt Internet access
1/1/2009 Kyrgyzstan Internet DDoS Russian Cyber-crime or Hacker Collective DDoS againt Internet access
4/1/2009 Kazakhstan DDoS Russian Cyber-crime or Hacker Collective DDoS againt media outlet
8/1/2009 Georgian Facebook and Twitter Shut Down Russian Cyber-crime or Hacker Collective Shut down Twitter and Facebook in Georgia
1/1/2012 Red October (2012) FSB Espionage
7/26/2013 Authorities bust Russian credit card hackers Russian Cyber-crime or Hacker Collective Response from the west against cybercrime group
3/1/2014 Cyber and Military Annexation of Crimea GRU Coordinated military and cyber DDoS attack
3/6/2014 US sanctions Russia over Ukraine and Crimea USA Western sanctions against Russia
5/1/2014 Ukrainian Presidential Election Interference Russian Cyber-crime or Hacker Collective Cyber attack against Ukrainian election commission
10/13/2014 iSight Report Sandworm Espionage
10/17/2014 State Department Email Breach Cozy Bear Espionage, email account hijacking
10/29/2014 White House Breach Cozy Bear Espionage, email account hijacking
4/8/2015 French TV5 Monde Fancy Bear or Cozy Bear Take down television station
4/8/2015 Crowdstrike Report on Russian Cyber Activity Cozy Bear Report on Russian cyber activity
5/8/2015 Bundestag Surveillance Fancy Bear Espionage
6/1/2015 Office of Personnel Management Cozy Bear Identity theft, theft of PII
6/1/2015 DNC Infiltration  (June 2015 to November 2016) Cozy Bear Election interference, espionage
7/25/2015 Pentagon Joint Chiefs Email Compromise Russian Cyber-crime or Hacker Collective Espionage, military intellegence gathering
10/1/2015 Dutch Government Breach regarding Flight MH17 Attributed to Russian Government Information theft, coverup of military action
12/23/2015 Ukrainian Power Grid Attack Russian Cyber-crime or Hacker Collective Coordinated military and cyber infrastructure attack
1/1/2016 Finnish Foreign Ministry Russian Cyber-crime or Hacker Collective Espionage
3/19/2016 John Podesta (DNC) Email Compromise Cozy Bear Election interference, espionage, kompromat
4/1/2016 Second DNC Attack Fancy Bear, Cozy Bear Election interference, espionage
6/15/2016 Crowdstrike Report on DNC Attacks Fancy Bear, Cozy Bear Report on Russian cyber activity
7/8/2016 US Election Systems Attributed to Russian Government Election interference, espionage, identity theft
7/22/2016 Wikileaks Published DNC Emails Wikileaks Kompromat or public embarrassment, election interference
7/28/2016 Cyber Attack Against Democratic Congressional Campaign Committee (DCCC) Attributed to Russian Government Election interference, espionage
9/13/2016 Colin Powell Gmail Leak Attributed to Russian Government Espionage, military intellegence gathering
10/9/2016 Podesta Emails Published Wikileaks Kompromat or public embarrassment, election interference
10/17/2016 Email and Network Breaches Attributed to Russia By DHS DHS Attribution to Russia
11/9/2016 Phishing Attacks on Think Tanks and NGOs Attributed to Russian Government Espionage, information gathering
12/1/2016 German Election Interference Attributed to Russian Government Election interference
12/22/2016 Ukrainian Army Android hack Fancy Bear Military tactic to use GPS to locate targets.
12/29/2016 Russian Diplomats Expelled President Obama US sanctions against Russia
12/29/2016 Report on Grizzly Steppe US-CERT, DHS US-CERT DHS joint report
12/31/2016 Vermont Electric Attack Grizzly Steppe Access of energy company laptop
2/3/2017 Cyber attacks on Norway and Netherlands governments Cozy Bear Disruptions of government operations
2/10/2017 Enhanced Analysis of GRIZZLY STEPPE Activity US-CERT, DHS US-CERT DHS joint report
3/1/2017 German and French Election Campaigns (March, April, May 2017) Fancy Bear Election interference
5/23/2017 Qatar News Agency Breach Attributed to Russian Government To create divishions between mid-eastern governments and the US
7/9/2017 Power plant breaches Dragonfly Remote access and control of energy infrastructure
9/13/2017 DHS Bans Kaspersky DHS, FBI US sanctions against Russia
1/22/2018 Russia Meddles in Swedish Elections Attributed to Russian Government Election interference
2/15/2018 Petya Ransomware US-CERT, DHS Operational disruption of targeted business sectors
3/15/2018 Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors US-CERT, DHS Operational disruption and control of targeted business sectors
4/20/2018 Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices US-CERT, DHS Operational disruption and control of targeted business sectors
11/16/2018 US spear-phishing campaign Cozy Bear Operational disruption and control of targeted government and business sectors
11/20/2018 new malware against US and European targets Fancy Bear Operational disruption and control of targeted government and business sectors

More information:

1

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Comments

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.