Ukraine’s intelligence claims cyberattack on Russia’s state tax service

Ukraine’s defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia’s state tax service with malware, and destroyed databases and backups.

During the operation, Ukraine’s military spies said they managed to break into one of the “key well-protected central servers” of Russia’s federal tax service (FNS) as well as more than 2,300 regional servers throughout Russia and occupied Crimea. The attack also affected a Russian tech company that operates FNS’s database.

According to GUR’s statement published Tuesday, the attack led to the “complete destruction” of the agency’s infrastructure. GUR claimed they destroyed configuration files “which for years ensured the functioning of Russia’s tax system.”

Internet connection between FNS’ central office in Moscow and thousands of its regional branches is also “paralyzed,” GUR said.

According to Ukraine’s intelligence, the FNS “has been unsuccessfully trying to restore the work of its service for four days in a row,” but it will probably remain “paralyzed” for at least a month and “will never fully recover from the attack.”

The claims have not been independently verified — Russian state media has kept silent about the hack, and FNS hasn’t publicly reacted to it.

It’s the second operation on a Russian state agency that GUR has taken responsibility for. In November, the agency acknowledged that it was behind “a successful cyber operation” against the Russian government’s civil aviation agency, also known as Rosaviatsia.

Until recently, only pro-Ukraine hacker groups and hacktivists have publicly claimed such attacks, including those targeting Russian airlines, banks, and internet providers.

In October, a source within Ukraine’s security services (SBU) told Recorded Future News that the agency collaborated with pro-Ukrainian hackers to breach Russia’s largest private bank.

In November, Ukrainian media reported that the Ukrainian hacker group Blackjack worked with the SBU to hack into the website of Russia’s Labor Ministry. They allegedly managed to obtain personal data of military personnel and information concerning Russia’s military actions in Ukraine. The SBU has not publicly acknowledged the incident.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.