Ukraine’s military intelligence service claims it has infected thousands of servers with malware and destroyed an “entire database” in a major hack against Russia’s federal tax service.
In a statement published Tuesday, Ukraine’s Main Directorate of Intelligence (GUR) said cyber units of Ukraine’s Defence Intelligence successfully conducted a “special operation” in Russia aimed at the aggressor state’s tax system.
“Cyber units of the Defence Intelligence of Ukraine conducted another successful special operation in Russia,” said GUR.
“This time they attacked the tax system of the aggressor state.”
GUR said during the operation, military intelligence officers were able to break into a “well-protected” key central server of Russia’s federal taxation service, before spreading its efforts to more than 2,300 regional servers – an undisclosed number of which were housed in occupied territory in Crimea.
GUR said all impacted servers were infected with malware during the purported hack.
The military intelligence outfit further reported a second attack against Russian IT company Office.ed-it.ru which provides data centre services for the Russian federal tax service.
These attacks allegedly saw pivotal configuration files “completely eliminated”, as well as an “entire database and its backup copies” destroyed.
The two cyber attacks are said to have “paralysed” communications between the central office headed in Moscow and 2,300 Russian territorial departments, as well as communications between the tax service and Office.ed-it.ru.
“This means a complete destruction of the infrastructure of one of the main state bodies of terrorist Russia and numerous related tax data for a long period,” said GUR.
While the attacks have not been publicly verified by the Russian media or tax service, GUR suggests Russia’s tax service has been “trying to restore” its operations for at least four days, and that it is “impossible to entirely resuscitate the tax system of the aggressor state.”
“According to experts, the paralysis of the Russian federal taxation service will last at least a month,” said GUR.
“The cyber attack by the Defence Intelligence of Ukraine was another serious blow to the kremlin regime.”
GUR further claims internet traffic containing tax data on a nationwide scale “ended up” in the hands of Ukrainian military intelligence following the attack.
Cyber warfare continues
As Russia’s invasion of Ukraine heads towards its 22nd month, GUR’s proclaimed hack marks the latest effort in a long-running exchange of cyber warfare.
Shortly before the invasion began, Ukraine’s Ministry of Defence, Armed Forces, and two major banks were rustled by a DDoS attack widely believed to involve Russian Intelligence, and as recently as Tuesday, Ukraine’s largest telecommunications service provider said it was targeted by a cyber attack which impacted phone and internet services for millions of Ukranians.
GUR’s purported tax hack also marks the second time Ukraine has officially claimed a cyber attack against Russia, following an announcement that it obtained a “large volume of confidential documents” after hacking a Russian aviation agency last month.
Prior to GUR’s recent claims, much of the cyber warfare taking place during the ongoing invasion had been claimed by hacktivists and pro-Ukraine hacker groups, including a mass-doxxing effort by hacker group Anonymous.
Notably, both of GUR’s recent announcements have arrived after two of the largest hacktivist groups of the Ukraine conflict promised to de-escalate cyber attacks after new rules of engagement were published by prominent war watchdog, the International Committee of the Red Cross.
Meanwhile, Australia, the UK and multiple international partners have expressed concerns over Russia-based cyber operations aiming to interfere with democratic processes.
This came after Russian state cyber actors were pinned for sustained attempts at interfering in UK politics, leading Australian Minister for Foreign Affairs Penny Wong and Minister for Home Affairs Clare O’Neil to call on Russia and all countries to act responsibly in cyber space.
