Ukraine’s security service detains member of Russian ‘Cyber Army’

Ukraine's security service, the SBU, said it had detained a suspected member of the pro-Kremlin hacker group known as the Cyber Army of Russia.

The suspect, a tech specialist from the northeastern Ukrainian city of Kharkiv, was recruited by Russian intelligence through a hacker channel on the messaging app Telegram, the SBU said.

Ukraine’s law enforcement searched his apartment, seizing three mobile phones, a laptop, and flash drives containing alleged evidence of his crimes.

The hacker is suspected of launching distributed denial-of-service (DDoS) attacks against Ukrainian state websites on behalf of the Cyber Army of Russia. The group presents itself as a hacktivist collective, akin to the IT Army of Ukraine, but the SBU claims that it is controlled by Russian intelligence.

In addition to DDoS attacks, the hacker is also suspected of leaking strategic information, like the whereabouts of Ukrainian troops, artillery, and air defense systems, to the Russian military.

According to the SBU, he covertly recorded potential locations of the Ukrainian army and then sent screenshots of online maps with coordinates of potential targets to Russian intelligence.

This information reportedly helped Russia launch two missile strikes against Ukrainian civil infrastructure, including a local hospital.

If found guilty, the suspect could face up to 12 years in prison.

The detention of Ukrainian citizens allegedly recruited by Russia to spy on the military or help target local infrastructure is a common occurrence during the war. Typically, the suspects capture photos or videos of potential locations of Ukrainian troops or weaponry and then send them to Russia through Telegram.

Earlier in October, for example, the SBU detained a Ukrainian man who had installed cameras on the streets of his city to gather intelligence on the movements and numbers of Ukrainian equipment and military personnel. He reportedly sent this information to Russian intelligence.

Instances of hackers being detained are rare in Ukraine, but such detentions have previously happened in Russia.

In October, two Russian citizens were detained in Siberia for allegedly carrying out cyberattacks on Russian networks on behalf of Ukraine. If found guilty, they could face up to 20 years in prison on charges of treason.

Last year, three residents of the Russian city of Rostov-on-Don were sentenced to prison or fined for carrying out distributed denial-of-service (DDoS) attacks against Russian sites.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.