DDoS attacks surge in popularity in Ukraine — but are they more than a cheap thrill?

This past weekend, Russia’s major cinema chains were dragged into the war in Ukraine when, over a period of a few hours, their websites suffered a series of distributed denial-of-service (DDoS) attacks. Across the country, at least 80 cinemas, including Kinomax, Mori Cinema, Luxor and Almaz, were unable to sell tickets online. 

The group taking credit for the attacks is Ukraine’s most famous collection of hacktivists — the IT Army — who on July 11 wrote on its Telegram channel: “The fewer tickets Russians buy online, the less money goes to the state budget to finance the war in Ukraine.”

These attacks are representative of a broader pattern in cyberspace: DDoS operations in the region have skyrocketed over the last five months, and are increasingly targeting commercial interests, but analysts say their impact on the battlefield has been negligible. “DDoS attacks will not help win the cyber war,” said Yegor Aushev, CEO of the Kyiv-based cybersecurity firm Cyber Unit Technologies. “But they are causing economic and commercial damage.”   

The cyber war between Ukraine and Russia led to a 46% increase in DDoS attacks between January and March, according to cybersecurity firm Kaspersky. Between April and June, the rate of DDoS attacks slowed, but still exceeds figures from the same period last year, Kaspersky security expert Alexander Gutnikov told The Record.

DDoS attacks are also becoming more innovative, and on average last longer than before. “Some of the attacks we observed lasted for days and even weeks,” Gutnikov said, when under normal circumstances they might take a website down for a few hours, or minutes. 

But if DDoS attacks don’t help Ukraine or Russia actually win the war, why are they so popular? The answer may lie in their simplicity.

Flooding websites with junk traffic to knock them offline is one of the easiest ways to attack in cyberspace. There are tutorials on YouTube and in online games that help users perform a DDoS attack with just a laptop or mobile phone.

“A lot of people do it for fun,” said Dyma Budorin, CEO of Hacken, a Ukrainian cybersecurity consulting company. “Some Ukrainian hacktivists, for example, gather on Friday nights to drink beer and launch DDoS attacks against Russia.”


In the early days of the war, Budorin launched a computer app called Liberator, which automatically activates DDoS attacks on Russian websites. One doesn’t need any technical knowledge to run the program, according to Budorin. “Any housewife can do it,” he said. 

More than 100,000 people have downloaded the app but fewer than 3,000 are using it today, according to Liberator’s website.

“The app was more popular in the early weeks of the war,” Budorin said, and at one point, more than 6,000 people were running it online.

Using the app had a psychological impact, he said. When the war began, many Ukrainians wondered how they could help their country while being forced to hide in bomb shelters. "DDoS allowed them to attack Russian websites and watch them get shut down in real time," Budorin said.

Other tools for carrying out DDoS attacks against Russia proliferated: a website that mimics the popular 2048 puzzle game, where, according to the developers, every user move puts a load on the Russian network; software called Death by 1,000 needles (DB1000N), available on GitHub; tutorials on an educational website for hackers called HackYourMom Academy.

IT Army claims to have attacked nearly 5,500 Russian websites since the start of the war. Russian banking and financial services, as well as online media, were the most vulnerable to the attacks in recent months, according to data shared with The Record by U.S.-based DDoS protection company Cloudflare. Some attacks, however, have targeted civilian services, including food delivery websites, universities and e-commerce sites. 

“The only benefit of IT Army’s DDoS was that thousands of people came together and felt useful in their resistance against Russia,” according to Aushev.

Especially at the beginning of the conflict, attacks lacked coordination, and in some cases hacktivists hit websites where another group was already working, nullifying both efforts, according to Budorin.

This lack of planning makes sense given that IT Army is an independent group of volunteer hackers, not a trained cyber army unit.

“We do not coordinate cyber volunteers in their attacks and have no information on any such coordination centers,” Ukrainian security official Victor Zhora said.

Another challenge is the need to sustain attacks over a long period of time. “You can suspend the service for a day, but it will not give a long-term result,” Budorin said.

Russia, in turn, is actively hacking back. From January to June this year, Ukraine recorded more than 14,000 DDoS attacks on its services, Zhora told The Record. The most popular targets, he said, are government websites. Cloudflare, meanwhile, said that Ukrainian broadcast media have suffered the most.

Facing an onslaught of online attacks, both sides have done their best to adapt by strengthening cyber defenses. “Both Ukrainians and Russians have become world experts in how to conduct and how to defend against DDoS,” Budorin said.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.