Cyber Berkut
Description
(Recorded Future) Recorded Future has collected threat intelligence on the hacking activities of Cyber Berkut for over a year, aligning with the first month of ground fighting in Ukraine, at which time the group began coordinated cyber attacks. This article presents temporal and technical analysis of these activities, based on open source intelligence (OSINT) from the Web. Appropriating the Ukrainian special police force name and logo, the group has aligned itself as pro-Russian, anti-Ukrainian, and most recently attacked Western intervention efforts in the Ukrainian conflict. While the group has taken Ukrainian identities, technical links and contextual analysis connect the group to Russia.
The group began with successful distributed denial of service (DDoS) attacks on multiple NATO websites just as separatists in the physical world were beginning to storm military buildings. Since their initial attacks, the group has continued to take down websites, and most recently leaked confidential documents between US billionaire George Soros and the Ukrainian prime minister and president, which contained plans for Western intervention.
Names
| Name | Name-Giver |
|---|---|
| Cyber Berkut | self given |
| Kiberberkut | self given |
Country
Motivation
- Information theft and espionage
- Sabotage and destruction
First Seen
2014
Observed Sectors
Observed Countries
Operations
- 2014-03: Nato websites disabled by cyber attack on eve of Crimea vote https://www.ft.com/content/b822d5cc-ace6-11e3-8ba3-00144feab7de
- 2014-07: ‘Cyber Berkut’ Hackers Target Major Ukrainian Bank https://www.themoscowtimes.com/2014/07/04/cyber-berkut-hackers-target-major-ukrainian-bank-a37033
- 2015-01: German government websites, including Chancellor Angela Merkel’s page, were hacked on Wednesday in an attack claimed by a group demanding Berlin end support for the Ukrainian government, shortly before their leaders were to meet. https://www.reuters.com/article/us-germany-cyberattack/pro-russian-group-claims-cyber-attack-on-german-government-websites-idUSKBN0KG15320150107
- 2015-05: Cyber Berkut Graduates From DDoS Stunts to Purveyor of Cyber Attack Tools https://www.recordedfuture.com/cyber-berkut-analysis/
Information
Other Information
Uuid
c375b720-a3ec-464a-a81d-891c24f3e325
Last Card Change
2020-04-19