The Washington Post

Not just the DNC: Five more hacks the West has tied to Russia


MOSCOW — While NATO only officially declared cyberspace a domain of war on Tuesday (the same as land, sea, and air and capable of triggering the Article 5 defense response), Western governments have accused Russia of sponsoring hacking attacks for years. As my colleague Ellen Nakashima reported Tuesday, officials and security analysts claimed that Russian-backed hackers had penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump. Russia denied the attack, and one Russian official suggested that it was more likely a fact of local "incompetence."

Here are five more attacks that U.S. or other Western officials have blamed on Russia. Russia has denied a hand in any of them.

1. White House leak

Hackers in 2014 broke into the White House's unclassified servers, gaining access to unclassified e-mail correspondence from President Obama (but not his BlackBerry) and other White House staff. The same hackers appeared to have deeply penetrated the servers at the State Department, the New York Times reported, and Secretary of Defense Ashton Carter said that Russian hackers had also penetrated unclassified computers at the Pentagon. “This has been one of the most sophisticated actors we’ve seen,” a senior American official said. Russian President Vladimir Putin, by his own admission, does not use a cellphone, and rarely uses computers.

2. Ukraine power grid hack

On the evening of Dec. 23, 2015, hackers seized control of a west Ukrainian power grid, opening up circuit breakers and knocking out power substations in a lightning-quick attack that eventually plunged 230,000 Ukrainians into darkness. One worker at the Prykarpattyaoblenergo control center in Ukraine's Ivano-Frankivsk region told Wired about watching his computer's cursor, controlled remotely, magically glide across his computer screen and "click open one breaker after another," then cut power to the control center itself. The publication called it a "first-of-its-kind attack that set an ominous precedent for the safety and security of power grids everywhere." Ukraine quickly pointed the finger at Russia, with which Kiev was locked in conflict over the annexation of Crimea and support for separatists in the country's Donbas region. The United States did not comment on the source of the attack, and one of the companies investigating the breach said it could not say with certainty who was behind it. The head of Germany's BfV intelligence agency in an interview with Agence France-Presse blamed Russia for the breach, calling it an element of Russia's "hybrid warfare."

3. Estonia denial-of-service attacks

As tempers flared in 2007 over Estonia's removal of a six-foot bronze statue of a Soviet soldier, the country came under a concerted, weeks-long cyberattack that targeted the computer networks of major commercial banks, government agencies and media outlets, even knocking ATMs temporarily offline. It was an early demonstration of the power of denial-of-service attacks, which effectively paralyzed the Estonian government, largely seen as one of the world's most technologically savvy (sometimes called the "e-government"). NATO, which at the time did not define cyberattacks as military action, dispatched top cyber-terrorism experts to the country. Estonia blamed Russia, saying that many of the attacks were coming from Russian state computer servers. The United States and NATO have never formally accused Russia of the attacks. Georgia accused Russia of launching similar cyberattacks during a five-day war in 2008.

4. German steel mill meltdown

In December 2014, the German Federal Office for Information Security announced that hackers had broken into computers at an unnamed German steel mill and hijacked a blast furnace, preventing operators from shutting it off. It was a rare instance of a digital attack causing physical damage, similar to the U.S. "Stuxnet" worm that destroyed centrifuges at a facility in Iran for enriching uranium by altering their rotational speed. The German intelligence agency, which did not identify the hackers as Russian, said that they used targeted phishing attacks to steal names and passwords for the computer network at the plant. Bloomberg news agency later indicated that the plant was owned by ThyssenKrupp AG, the country’s biggest steelmaker, and said four sources had reported that Russia was behind the attack. The company, like every other steelmaker in Germany, denied it was the target of the attack.

5. TV5 Monde hijack

Jihadist propaganda in support of the Islamic State suddenly appeared on the website of French television network TV5 Monde in April 2015, knocking the station’s 12 channels off the air for 18 hours. While the attack was claimed by an unknown group calling itself the CyberCaliphate, French police said that the hackers were Russians, the same ones who had targeted the White House earlier that year. The hacking network, called APT28, Sofacy, or Fancy Bear, was one of the same hacking groups that were discovered inside the Democratic National Committee network this month. TV5 Monde called the attack "unprecedented."