Ukrainian parliamentary election interference (2014)
|Date||October 2014, shortly before the Ukrainian parliamentary elections were held.|
|Suspected Actor||A pro-Russian hacktivist group called CyberBerkut with suspected ties to the GRU hacker group known as APT28 (or Fancy Bear) was allegedly responsible for the attacks.|
|Target and Method||Four days before the national vote, the Ukrainian central election system was compromised and critical files were deleted, rendering the vote-tallying system inoperable; three days before the national vote, CyberBerkut released exfiltrated data onto the internet as proof of the success of the operation.
Malware was installed that would have portrayed ultra-nationalist candidate Dmytro Yarosh as the winner with 37 percent of the vote and candidate Petro Poroshenko as having 29 percent of the vote.
Shortly after polls closed, the website of the Ukrainian Central Election Commission, which organized the elections, was shut down. Ukrainian security officials characterized the operation as a distributed denial-of-service (DDoS) attack, which can slow down or disable a network by flooding it with communications requests.|
|Purpose||The Central Election Commission described the attack as "just one component in an information war being conducted against our state". The attack can be seen as part of the ongoing conflict between Russia and Ukraine, which had started with the annexation of the Crimean Peninsula by Russia in February-March 2014.|
|Result||The vote-tallying system was restored, using backups, three days before the national vote.
Ukrainian cybersecurity personnel were able to remove the malware 40 minutes before election results went live, preventing it from releasing erroneous results.
Election results were blocked for two hours and the final tally was delayed. Nonetheless, Ukrainian officials announced that they had prepared for the possibility of a DDoS attack and used a backup to restore the entire system.|
|Aftermath||Russian media announced that Dmytro Yarosh had won the election with 37 percent of the vote and that Petro Poroshenko had obtained 29 percent of the vote, despite such erroneous results never having been publicly released by Ukrainian officials.
In 2015, Ukraine was subject to another cyber operation conducted against the Ukrainian power grid.
In 2018, Ukrainian officials noted that they were planning to upgrade their information technology infrastructure prior to the 2019 presidential election in order to address a range of cyber security threats that they expected to face.|
|Analysed in||Scenario 01: Election interference|