After the full-scale Russian war in Ukraine began, Russian web resources started to experience powerful and long-lasting DDoS attacks from Ukrainians and tens of thousands of caring people from all over the world, as one of the information war activities between the two countries. Both state and commercial resources are targets of cyberattacks: websites of state bodies and state information systems, banks and commercial enterprises, gaming and entertainment services, mass media, sports and public organizations, educational and medical institutions, financial exchanges, and trading platforms.
Victory Day is a sacred holiday in Russia. It was on May 9, 2022, that Runet users were very unpleasantly surprised. The IT army of Ukraine attacked Rutube – the propaganda resource of the aggressor country. The service was down almost all day and displayed a placeholder screen reading “restoration work is in progress.” In the evening, the administration admitted that the resource had suffered the most extensive attack. As a result, 75% of the infrastructure and the database of the main version of Rutube were affected. The service resumed operation with significant interruptions only on May 12. It took almost three weeks to restore the service entirely. One of the reasons for the cyber attack could be the leakage of access codes to the site.
In addition to Rutube, the goal of the Ukrainian cyber army was to prevent the broadcast of the Russian military’s “parade of lies and shame, which is used by the Kremlin authorities to promote a new destructive war.” Ukrainian hackers call the Rutube hack the most significant victory since the beginning of the cyber war with Russia.
The Rutube management knew in advance about the vulnerability of the service. The cost of damages, including restoring the service and loss of advertising revenue, can range from 500 million to 1 billion rubles, i.e., up to 15 million US dollars.
Cyberattacks cause inconvenience and damage not only for propaganda channels and resources of Russia but also for the country’s ruling elite. On June 17, due to massive DDoS attacks on the systems of the St. Petersburg International Economic Forum, the president of the aggressor country, Putin, had to postpone his speech at the forum for an hour.
According to Putin’s press secretary, massive DDoS attacks on Internet resources and the accreditation system of the forum began on June 16, a day before it began. Hackers managed to disable the database of forum participants, the accreditation system, and the badge admission system; there were also problems with confirming access to the central system meeting and issuing new badges.
Almost immediately after Russia’s insidious attack on Ukraine, users of Russian banks, including Sberbank, VTB, Tinkoff Bank, and Raiffeisenbank, began to experience problems with accessing mobile banking applications, in particular, the impossibility of authorization in mobile applications and bank websites, as well as problems with making money transfers.
In May, clients of some more Russian banks, including Interprogressbank, Rosbank, Moskommertsbank, Russian National Commercial Bank, and others, faced problems. On May 6, Sberbank experienced the most powerful DDoS attack in its history (more than 450 gigabytes per second).
The aggressor country uses the income from the oil refining industry to finance the military sphere; therefore, this industry is a sponsor of terrorism. At the end of February, DDoS attacks began targeting oil and gas giants: Gazprom, Rosneft, Lukoil, Transneft, Nornickel, and others. It caused problems with access to the sites of these companies and disruptions in their internal work.
In May, dozens of Russian electronic systems for public procurement were down for more than two weeks in a row, which constantly interrupted the Russians' bidding. DDoS attacks caused service failures. The Federal Treasury of Russia plans to spend 874.7 million rubles (over 10 million US dollars) on protecting the public procurement portal from hackers. Due to prolonged DDoS attacks, public procurement services can “go into shadow”, which will lead to a decrease in the transparency of the procurement process for the public, and, as a result, will contribute to an increase in the scale of corruption in this field.
Russia’s service and entertainment sector also felt the consequences of aggression against Ukraine.
As a result of DDoS attacks, on June 24, the work of several taxi services in Russia was stopped: Uber Russia, Yandex Go, Maxim, and Vezet. Users of these mobile applications complained about the inability to request a ride. As a result of DDoS attacks, on April 5, there were problems with access to the Yandex Music website and mobile application.
The tax system collects financial resources used to develop the military industry. Therefore, it is necessary to make it as inconvenient as possible, and sometimes even impossible, for business entities in the Russian Federation to prepare and submit tax documentation on time.
As a result of DDoS attacks, in April, the work of 1C services: 1C: Reporting, EDO, KryptoPRO, and VIPNet was disrupted, and a vast number of Russian companies could not send a report from 1C to the Tax Office.
Alcohol sales bring significant tax revenues to the budgets of many countries, including Russia. Increasing alcohol prices always causes adverse reactions in society, especially during the holiday season. In May this year, cyber forces fighting on the side of Ukraine decided to focus their DDoS attacks on the EGAIS portal, which is a crucial link in the distribution of alcohol products in Russia. For the distribution of alcoholic beverages, manufacturers and distributors are required by law to enter product information into the EGAIS portal. Due to the unavailability of the portal caused by cyber attacks, the functioning mechanism of the alcohol supply chain was disrupted. Many factories decided to stop shipping to warehouses completely, and some had to close production temporarily. As a result, there was a decrease in alcohol production and an increase in its cost due to shortages.
By limiting the access of business entities to the Internet, hackers bring chaos to the functioning of many sectors of the Russian economy. In March 2022, the Ukrainian provider Lurenet secretly intercepted Russian traffic. As a result, the Russian providers Rostelecom, Transtelecom, Megafon, Beeline, and MTS started having problems with access to the network. According to experts, 146 autonomous systems around the world and Russian sites were affected as a result of the incident. There was no access to them both in Russia and outside. The interception organized by Lurenet shut down the websites of the Moscow Metro and the Russian Ministry of Science and Higher Education for at least 10 hours. Also, the “Strategy of the Russian Federation” portal was down.
People are used to planning their trips online. By disrupting this opportunity, hackers make ordinary citizens feel discomfort and think about its causes. In May 2022, cyber activists actively redirected their resources towards services for selling and buying airline tickets. On May 13, due to DDoS attacks, the websites of the Russian airlines Rossiya, Aurora, ALROSA, NordStar, Yamal, and Smartavia did not work. In March, there were problems with access to the website of the largest state airline in Russia – Aeroflot.
Up until June 2022, insurance companies of the Russian Federation had not been exposed to massive DDoS attacks; then the company AlfaStrakhovanie-Zhizn encountered problems in its work. The issues related to the operation of the site and several client services, in particular the “hotline.” Among the victims of the attacks were Rosderzhstrakh, Absolut Strahovanie, Zetta Strahovanie, Tinkoff Strahovanie, Russian Standard Strahovanie and others. They experienced interruptions in the functioning of their websites.
In March this year, DDoS attacks were carried out on Russian delivery services. As a result, the Boxberry delivery service has partially suspended its work. There were problems with accessing the site, placing orders, and sending and receiving parcels. Due to the cooperation of the delivery service with the Avito bulletin board, the latter encountered problems with sending parcels.
Online shopping has become especially popular during the recent coronavirus pandemic. On March 31, due to a hacker attack, there was a global failure in the operation of the Wildberries online store. Russian users could not make online purchases for more than a day. Before that, on March 14, the service was also down due to DDoS attacks.
On May 16, the Russian analog of Google Play – NashStore – was launched. Almost immediately after the launch, the service suffered a DDoS attack, due to which many users could not download the program, and the website of the online store was unavailable.
As a result of cyberattacks, Russian users started having problems accessing government websites. The leading Russian public service portal faces DDoS attacks almost every day. Since February 2022, the “Gosuslugy” portal has recorded a nearly 10-fold increase in server load. The DDoS attack affected the mobile application, the payment system, and the life support system of the electronic government infrastructure of the Russian Federation. As a result of DDoS attacks, users are constantly facing problems with authorization on the site and access to the mobile application. Many services became unavailable due to frequent failures in request processing (widespread complaints: it is impossible to make an appointment with a doctor or submit an application to the State Statistics Service and other state structures).
In the second half of June, the universities’ admission campaign began in Russia. At the same time, the servers of many Russian universities in all regions of the country were subjected to a large-scale DDoS attack, which covered the websites of the Moscow Polytechnic University and the People’s Friendship University of Russia. As a result, the mechanism of submitting documents in an online format through university websites was disrupted. The government offered an alternative – submission of documents through the “State Services” portal, which, in turn, was also subjected to massive DDoS attacks during the same days.
In war conditions, the information siege of propaganda sites is critical.
On February 24, the official websites of the Kremlin, the State Duma, and the Ministry of Defense of the Russian Federation stopped working due to cyber attacks. In March, the official websites of the FSB, the Ministry of Sports, and the National Guard of Russia became unavailable.
It is also interesting that at the end of February, the management removed the security certificate from the Kremlin website, leaving only HTTP, which, as a rule, does not guarantee security when connecting.
On February 25, the Russian TV channel RT and the servers of the portals Lenty.ru, Gazety.ru, and Rambler were subjected to massive DDoS attacks, after which they stopped working for some time. On February 28, the Russian mass media could not withstand the attacks of the hacker group Anonymous, as a result of which the websites of the TASS news agency, as well as the Kommersant, Izvestia, Fontanka, Mel, and Forbes publications, were hacked. Also, during the war, the following mass media were subjected to DDoS attacks: Zebra TV, Chesnok, Tomix, RIA56, NewsNN, and others. These media were either unresponsive or difficult to access.
“In war, all means are good” – this phrase is attributed to the politician and writer Niccolò Machiavelli. DDoS attacks are making the situation in the country shaky. The war affected many people, and every day the scale of destruction and tragedy only increases. People lose their homes, relatives, and their lives. Everyone hopes for a complete victory in Ukraine as soon as possible. At first, the Ukrainians hoped that the Russians would be against the war: they would go to rallies and stop hostilities or demand a change of government, but time and research have shown that people there are very “pro” war.
Of course, one must allow for the possible error that “who shouts louder is heard more,” and that only a minority supports the war while its opponents are simply silent. Even if that is the case, while they are quiet, our people are dying, and our country’s economy is deteriorating. Therefore, we must do everything to win the war as soon as possible. The activity of our cyber army, together with the actions of the Armed Forces of Ukraine, volunteers, and activists, is doing a great job.
Like any other Ukrainian activists, we spent a lot of time at the beginning of the war sending out newsletters to Russians with objective information about Russia’s actions in our country. We attached photos of destroyed buildings and wrote mind-numbing stories of Ukrainians. We tried in every way to reach the Russians and ask them for help. Someone even used a photo of Russian soldiers’ corpses so that people were afraid to go or send their relatives to the war in Ukraine. All this probably had an effect, but not enough since the war is still ongoing.
We do not take into account what can happen with the human factor. We categorize Russians into one column – citizens of the country. When we launch a DDoS attack on resources that Russians use in their daily lives, we are not trying to make things as bad as possible for specific people. Instead, our goal is to change the course of the current situation. We want people to question their “truth”. We want crises to contribute to a reduction in the funding of the occupation army by the Russian government. We are trying to end the war behind Russia. We are trying to do everything to restore sustainable peace in Ukraine.