by Kateryna Mishchenko

On December 27, Ukrainian cyber specialists paralyzed the operation of one of the largest Enterprise Resource Planning (ERP) systems in Russia, 1C-Rarus. This was stated by Minister of Digital Transformation of Ukraine Mykhailo Fedorov. 1C-Rarus is an ERP system that automates accounting, management, and tax accounting. It is widely used for accounting purposes in Moscow and throughout Russia, helping businesses automate bookkeeping, track goods and financial movements, handle personnel and client transactions, and generate tax declarations. The system has 150,000 users, including major technological giants and war sponsors like Tatneft and VTB. Minister Fedorov stated that clients are unable to use accounting services, and businesses, including shops and gas stations, cannot process payments due to the system’s disruption. This situation is causing significant financial losses for the Russian economy.

Ukrainian IT Army
Before the full-scale invasion, Russia tested Ukraine’s cybersecurity capabilities through constant low-level attacks. A major attack occurred on January 14, 2022, when Russia targeted over 20 Ukrainian state institutions. Anonymous, a global hacktivist group, joined forces with the Ukrainian IT Army to support Ukraine in cyberspace. During the war’s initial days, the IT Army had 175,000 volunteers worldwide, including white-hat hackers, activists, and representatives from companies like SpaceX. Anonymous launched DDoS attacks on Russian corporate, news, and government websites, compromising over 90 databases of Russian telecommunications, retail, and government organizations. The cumulative effect of cyberattacks revealed Russia’s vulnerability and contributed to economic challenges.

In November of the previous year, the Ukrainian IT Army paralyzed over 900 Russian online resources, including the Central Bank of Russia and military supply stores. In particular, the IT Army disrupted the operation of the following websites:

Military equipment stores and drone/radio device shops: the IT Army conducted a series of Distributed Denial of Service (DDoS) attacks on specialized stores, preventing mobilized Russians, whether through official channels or volunteers, from purchasing quality gear.

Central Bank of Russia: cyber experts from the IT Army disclosed information about the bank’s personnel, specialized systems, and source files.

Platforms of pro-Russian volunteers called Dobro, where gatherings in support of the war were organized.

Additionally, the IT Army targeted the following entities: Alfa-Bank, Ozon marketplace, RTS-Tender platform, Roseltorg platform, and the National Center for Artificial Intelligence Development. They also extended greetings to Ukrainians on 60 Russian resources, including the websites of ministries, services, and administrations, celebrating the Day of Dignity and Freedom.

Summer Cyberattacks
In June, hackers used artificial intelligence to create a deepfake of Russian President Putin, announcing a fictional invasion by Ukrainian forces. Later, Russian railways reported a breach in ticket sales systems due to a “massive” attack, disrupting services temporarily. In the same month, the country’s interbank payment system briefly halted, affecting financial flows between its institutions. A Ukrainian hacker group claimed responsibility for breaching the communication systems of the Bank of Russia in April, disrupting the central bank’s connections with the outside world. In July, over 50 Russian companies supporting Kremlin actions against Ukraine faced website defacements on the birthday of the Chief Commander of the Armed Forces of Ukraine, Valeriy Zaluzhnyi.

Cyberattacks in Response to a Massive Hack on Kyivstar
On December 18, hackers in temporarily occupied Crimea played a song about Ukraine’s main intelligence agency on a radio station for about 1.5 hours. Two days later, Ukrainian hackers from the BlackJack group destroyed the IT infrastructure of the Rosvodokanal company, a major Russian private entity, resulting in the blockage of its operations. The cyber operation involved gaining access to numerous documents, encrypting over 6,000 computers, and deleting more than 50 terabytes of data, including internal documents, corporate emails, cybersecurity services, and backup copies. Rosvodokanal provides water supply to 7 million consumers and is part of the Alfa Group, headquartered in Moscow.

Cover photo by ADragan/Shutterstock.com
