Aggressors may conduct multi-stage attacks in the digital environment for espionage, data theft, destruction of critical infrastructure, and paralysis of state institutions. These operations span a wide range of tactics: from reconnaissance, gaining initial access (for example, through phishing, account compromise, or supply chain attacks), and establishing persistence in the system, to defense evasion, credential theft, and information exfiltration. The final stage is often a destructive effect (Impact), such as data destruction, disk wiping, or Denial of Service attacks. These techniques are covered in more detail in the specialized MITRE ATT&CK framework.
| ID | Name | Description |
|---|---|---|
| C0101 | Continuation of the Russo-Ukrainian War: Armed Aggression in the Donbas (2014–2015) |
Use of the Fancy Bear hacker group, controlled by the security services, to compromise the software of Ukrainian artillery crews (through infection of Yaroslav Sherstiuk's application) in order to obtain geolocation data and destroy the artillery of the Armed Forces of Ukraine[1]. Targeted cyberattacks by Russian security services on distribution substations of the Ukrainian power grid in the winters of 2015 and 2016, aimed at causing mass power outages for the civilian population[2][3]. |
| C0103 | Full-Scale Invasion (from February 24, 2022) |
Large-scale operations by the security services of the Russian Federation involving cyberespionage, data interception (including through the hacking of public Wi-Fi networks), and the covert deployment of destructive software against Ukrainian organizations and citizens[4][5]. |
| G0011 | Russian Federation |
Use of the Fancy Bear hacker group, controlled by the security services, to compromise the software of Ukrainian artillery crews (through infection of Yaroslav Sherstiuk's application) in order to obtain geolocation data and destroy the artillery of the Armed Forces of Ukraine[1]. Targeted cyberattacks by Russian security services on distribution substations of the Ukrainian power grid in the winters of 2015 and 2016, aimed at causing mass power outages for the civilian population[2][3]. |
| G0011 | Russian Federation |
Large-scale operations by the security services of the Russian Federation involving cyberespionage, data interception (including through the hacking of public Wi-Fi networks), and the covert deployment of destructive software against Ukrainian organizations and citizens[4][5]. |
| S0017 | Secret Police and Security Services |
Use of the Fancy Bear hacker group, controlled by the security services, to compromise the software of Ukrainian artillery crews (through infection of Yaroslav Sherstiuk's application) in order to obtain geolocation data and destroy the artillery of the Armed Forces of Ukraine[1]. Targeted cyberattacks by Russian security services on distribution substations of the Ukrainian power grid in the winters of 2015 and 2016, aimed at causing mass power outages for the civilian population[2][3]. |
| S0017 | Secret Police and Security Services |
Large-scale operations by the security services of the Russian Federation involving cyberespionage, data interception (including through the hacking of public Wi-Fi networks), and the covert deployment of destructive software against Ukrainian organizations and citizens[4][5]. |