Today is Ukraine Independence day. It's also the six-month anniversary of the official launch of Russia's invasion into Ukraine, with no clear end to the aggression in sight. Despite the widespread fears of cyber war at the outset of the invasion, no highly damaging incidents such as crippling attacks on Ukraine's power grid have yet occurred.As our updated timeline shows, however, the invasion did begin on February 24 with a disturbing assault on Ukraine's communications capabilities via an attack on satellite provider Viasat, attributed to Russia's GRU intelligence arm. Since then, a spate of digital disruptions by Russia, and digital defenses by Ukraine and its allies, point to a steady drumbeat of mostly low-level but steady and robust cyber assaults.Once the kinetic war against Ukraine ends, an accurate picture of cyber damage in Ukraine and surrounding areas will no doubt emerge. Victor Zhora, the deputy head of Ukraine's State Service of Special Communications and Information Protection (SSCIP), has already declared Russia to be the perpetrator of "cyber war crimes" and is calling for prosecutions in the International Criminal Court (ICC).[Editor\u2019s note: This article, originally published on January 19, 2022, has been updated to reflect recent events.]Timeline on Russia-linked cyber incidentsThe following is a chronological timeline of this year's developments related to the cyberattacks in Ukraine:January 11:\u00a0\u00a0U.S. releases cybersecurity advisoryThe Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA)\u00a0released\u00a0a joint Cybersecurity Advisory (CSA) providing an overview of Russian state-sponsored cyber operations including commonly observed tactics, techniques, and procedures. The\u00a0advisory\u00a0also provided detection actions, incident response guidance, and mitigations.CISA also recommended that network defenders review CISA's Russia Cyber Threat Overview and Advisories page for more information on Russian state-sponsored malicious cyber activity. The agencies seemingly released the CSA as part of an occasional series of joint cybersecurity advisories.January 13 to 14:\u00a0Ukrainian websites defacedFollowing a breakdown of diplomatic talks between Russia and the West intended to forestall a threatened Russian invasion of Ukraine, hackers launched defacement attacks that brought down dozens of Ukrainian government websites, including the Ministry of Foreign Affairs, the Ministry of Education, and others. The hackers posted\u00a0a message\u00a0that said, "Be afraid and expect the worst."The message also warned Ukrainians, "All your personal data has been sent to a public network. All data on your computer is destroyed and cannot be recovered," and raised historical grievances between Poland and Ukraine. Ukraine's State Bureau of Investigations (SBI) press service\u00a0said\u00a0that no data were stolen in the attack.Although Ukraine did not attribute the attacks to Russia definitively, the European Union's chief diplomat Josep Borrell\u00a0hinted\u00a0that Russia was the culprit. Serhiy Demedyuk, deputy secretary of Ukraine's national security and defense council, preliminarily\u00a0pinned\u00a0the attacks on a hacker group linked to Belarusian intelligence known as UNC1151. Belarus is a close ally of Russia.The European Union\u00a0condemned the attacks\u00a0and said it stands "ready to provide additional, direct, technical assistance to Ukraine to remediate this attack and further support Ukraine against any destabilizing actions, including by further building up its resilience against hybrid and cyber threats." NATO Secretary-General Jens Stoltenberg\u00a0said\u00a0that his cyber experts in Brussels were exchanging information with their Ukrainian counterparts on the malicious cyber activities and would sign an agreement on enhanced cyber cooperation.January 14: Russia takes down REvil ransomware groupIn what seemingly appeared to be a surprise demonstration of U.S.-Russian collaboration, Russia's FSB domestic intelligence service\u00a0said\u00a0that it dismantled ransomware crime group REvil at the request of the United States in an operation that resulted in the arrest of the group's members. The announcement was made even as the attacks on the Ukraine websites were underway.A senior administration official stopped short of\u00a0confirming\u00a0that the arrests were made at the administration's request. Instead, the official said they were the product of the "President's commitment to diplomacy and the channel that he established and the work that has been underway in sharing information and discussing the need for Russia to take action."January 15:\u00a0Microsoft reveals the discovery of malware on Ukrainian websitesMicrosoft observed destructive malware disguised as ransomware in systems belonging to dozens of Ukrainian government agencies and organizations that work closely with the Ukrainian government. Microsoft didn't specify which agencies and organizations were targeted but said they "provide critical executive branch or emergency response functions," as well as an IT firm that manages websites for public and private sector clients, including government agencies whose websites were recently defaced.If activated by the attacker, the wiper malware would render the infected computer system inoperable. Microsoft's Threat Intelligence Center (MSTIC)\u00a0issued\u00a0a technical\u00a0post\u00a0outlining the malware, saying that while designed to look like ransomware, it lacked a ransom recovery mechanism, was intended to be destructive, and was built to render targeted devices inoperable rather than to obtain a ransom.MSTIC found no notable associations between the observed activity, tracked as DEV-0586, and other known activity groups. Microsoft has implemented protections to detect this malware family, known as WhisperGate, via Microsoft Defender Antivirus and Microsoft Defender for Endpoint.January 16:\u00a0Ukraine blames Russia for attack on Ukrainian websitesUkraine's Ministry of Digital Transformation\u00a0said\u00a0that all the evidence pointed to the fact that Russia is behind the defacement attacks on Ukraine's government websites. "The latest cyberattack is one of the manifestations of Russia's hybrid war against Ukraine, which has been going on since 2014," the ministry said.January 18: Data wiped at Ukrainian government agenciesAccording to the Ukrainian government and other individuals familiar with the incident, several Ukrainian government agencies had their data wiped in a cyberattack coordinated with defacement attacks against government agency websites. The Ukrainian government said that it believed Russia was responsible.January 23: DHS issues bulletin for critical infrastructure operatorsThe U.S. Department of Homeland Security (DHS)\u00a0sent an intelligence bulletin\u00a0to critical infrastructure operators and state and local governments warning that Russia would consider conducting a cyberattack on the U.S. homeland if Moscow perceived that a U.S. or NATO response to a potential Russian invasion of Ukraine "threatened [Russia's] long-term national security."February 14: Critical infrastructure in Odesa compromisedIn its first special report on cyber activity in Ukraine, published on April 27, Microsoft said that Odesa-based critical infrastructure was compromised by likely Russian actors.February 15: Ukraine's defense ministry hit by DDoS attackUkraine's State Service of Special Communications and Information Protection of Ukraine (SSSCIP)\u00a0confirmed\u00a0that a distributed denial of service (DDoS) attack hit the websites of Ukraine's defense ministry and armed forces and the websites of two Ukrainian banks.February 15: Declassified intelligence reveals Russian presence in critical Ukrainian networksNewly declassified intelligence\u00a0showed\u00a0that Russian government hackers likely penetrated Ukrainian military, energy, and other critical computer networks to collect intelligence and position themselves potentially to disrupt those systems should Russia launch a military assault on Ukraine.February 16: U.S. agencies issue joint Cybersecurity AdvisoryCISA, the FBI, and the NSA\u00a0issued a joint Cybersecurity Advisory titled, "Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology." CISA said compromised entities have included cleared defense contractors (CDCs) supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and Intelligence Community programs over the last two years.February 17: Russian actors found present on critical infrastructure in Sumy.In its first special report on cyber activity in Ukraine, published on April 27, Microsoft said that suspected Russian actors were present on critical infrastructure networks in Sumy.February 18: CISA releases guidance regarding the Russia-Ukraine conflictIn the face of ongoing Russia-Ukraine geopolitical tensions, CISA released a new\u00a0CISA Insight, Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides critical infrastructure owners and operators with guidance on how to identify and mitigate the risks of influence operations that use mis-, dis-, and mal-information (MDM) narratives.\u00a0February 18: U.S. attributes February DDoS attack to Russia's GRUIn an unprecedented development, the U.S. publicly attributed the February DDoS attacks against Ukraine's defense ministry and significant banks to Russian GRU military intelligence officers. This attribution occurred only a few days following the attacks, which usually takes months or even years. The Biden administration's deputy national security adviser for cyber and emerging technologies, Anne Neuberger, announced this attribution at a\u00a0White House press briefing\u00a0saying that the U.S. moved swiftly to "call out the behavior" in the hopes of averting an invasion of Ukraine.February 22: FBI warns U.S. businesses of potential for ransomware attacksIn a\u00a0phone call\u00a0with private executives and state and local officials, senior FBI cyber official David Ring asked U.S. businesses and local governments to be mindful of the potential for ransomware attacks as the crisis between the Kremlin and Ukraine deepened.February 23: New form of destructive malware discovered in Ukrainian networksResearchers from ESET and Symantec\u00a0report\u00a0that a new form of destructive malware called\u00a0HermeticWiper\u00a0that can delete or corrupt data on a targeted computer or network has been seen spreading in Ukraine. Symantec also said that the wiper had been detected in Latvia, Lithuania, and Ukraine and that targets included financial organizations and government contractors.February 23: Ukrainian banking and government websites hit by DDoS attackA new, second round of DDoS attacks took down Ukrainian government and banking websites. Mykhailo Fedorov, Ukraine's digital transformation minister,\u00a0confirmed\u00a0that a sizeable DDOS attack affected the stability of several government websites and some Ukrainian banks and websites related to Ukraine's parliament.February 24: President Biden warns of risks to U.S. businesses, critical infrastructurePresident Biden said during\u00a0remarks\u00a0on Russia's invasion of Ukraine that "If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond." Biden added that "For months, we've been working closely with the private sector to harden our cyber defenses, sharpen our ability to respond to Russian cyberattacks as well."February 24: Russian websites, critical information infrastructure hit by cyberattacksThe Russian government's National Computer Incident Response and Coordination Center\u00a0warned\u00a0of "the threat of an increase in the intensity of computer attacks on Russian information resources, including critical information infrastructure (CII)." The warning follows\u00a0numerous reports\u00a0of outages on official Russian government websites, including the website of the Kremlin itself.February 24: Viasat cyberattack impacts broadband service in Ukraine, across EuropeOne of the world's largest commercial satellite companies, Viasat,\u00a0was hit\u00a0with a multifaceted and deliberate cyber-attack against its KA-SAT network that partially interrupted KA-SAT's consumer-oriented satellite broadband service. The attack impacted several thousand customers in Ukraine and tens of thousands of other fixed broadband customers across Europe.February 26: Ukrainian officials urge civilians to join the Ukraine IT ArmyUkrainian officials supported a campaign to attract civilian developers and hackers into what it called the\u00a0IT Army of Ukraine. The "army" almost immediately signed up 184,000 users on its main Telegram channel.February 28: Kyiv-based media company compromisedIn its first special report on cyber activity in Ukraine, published on April 27, Microsoft said that a threat actor compromised a Kyiv-based media company.March 1: Kyiv media companies faced destructive attacks and data exfiltrationIn its first special report on cyber activity in Ukraine, published on April 27, Microsoft said that Kyiv-based media companies faced destructive attacks and data exfiltration.March 2: Microsoft warns of continued wiper attacksIn a blog\u00a0update,\u00a0Microsoft warned that the group behind the HermeticWiper attacks in February was still active, implying that it had observed other attacks that were not disclosed.March 2: Russian government posts lists of IP addresses and domains allegedly involved in DDoS attacks against Russian targetsRussia's National Computer Incident Response & Coordination Center\u00a0published\u00a0a list of more than 17,500 IP addresses, and 174 internet domains it says are involved in ongoing distributed denial-of-service attacks on Russian domestic targets. The Center also issued recommendations on how to ward off DDoS attacks.March 2: Russian group moved laterally on Ukrainian nuclear power company's network.In its first special report on cyber activity in Ukraine, published on April 27, Microsoft said that a Russian group moved laterally on the network of a Ukrainian nuclear power company.March 3: Ukraine accuses hackers of spreading false informationUkraine's State Service of Special Communication and Information Protection\u00a0said\u00a0that an undisclosed number of official websites of "regional authorities and local governments" had been hijacked and used to spread "lies" about a deal to end the fighting prompted by Russia's invasion. Ukraine says the "enemy" was responsible for the information. Russia denied using hackers to go after its foes.March 3: Hackers compromised Russian space instituteHackers\u00a0compromised\u00a0a website connected to Russia's Space Research Institute (IKI), which designs and builds scientific instruments for space experiments. The hackers, purportedly part of a wave of vigilante hackers that took up digital arms following Russia's invasion of Ukraine, defaced a section of IKI's website to post vulgar, anti-Russian messages.March 4: Fancy Bear compromised government network in VinnytsiaIn its first special report on cyber activity in Ukraine, published on April 27, Microsoft said the STRONTIUM threat group, also known as Fancy Bear or APT28, compromised a government network in Vinnytsia.March 5: Ukraine says Russian cyberattacks are nonstopUkraine's State Service of Special Communications and Information Protection\u00a0(USSSCIP) said, "Russian hackers keep on attacking Ukrainian information resources nonstop." The agency said that sites belonging to the presidency, parliament, the cabinet, the ministry of defense, and the ministry of internal affairs were among those hit by distributed denials of service (DDoS) attacks.March 5: Anonymous claims FSB website take-downThe hacktivist collective Anonymous claims it\u00a0took down\u00a0the website of the Federal Security Service (FSB) of Russia. The group further claimed it took down 2,500 websites in Russia and Belarus in support of Ukraine.March 6: Cybercom's secret "cybermissions" revealedSources\u00a0say\u00a0that secret forces from the United States Cyber Command known as "cybermission teams" are in place across Eastern Europe to interfere with Russia's digital attacks and communications. Although most elements of these teams are classified, it is clear that the cybermissions have tracked some familiar targets, including the activities of the G.R.U., Russia's military intelligence operations, to neutralize them. Microsoft has helped in some of these activities.March 7: Anonymous claims hack into Russian TVThe Anonymous group\u00a0took responsibility\u00a0for hacking into the Russian streaming services of state television channels, which the Russian authorities use for propaganda and fake news. The group claimed it hacked into the Russian streaming services Wink and Ivi (like Netflix) and live TV channels Russia 24, Channel One, and Moscow 24 to broadcast war footage from Ukraine.March 7: Belarus conducts phishing attacks against Polish military, Ukrainian officials revealedGoogle's Threat Analysis Group\u00a0said\u00a0that Russia's ally Belarus conducted widespread phishing attacks against members of the Polish military and Ukrainian officials. Google also warned hundreds of Ukrainian residents about government-backed hacking attempts in the past year, most of them from Russia.March 8: Hacktivist crew uses phone bombing software to plead with Russian citizensThe hacktivist crew known as The International Legion Information Technology Battalion 300 (ILIT300) claimed to have\u00a0phone bombing software\u00a0created by Ukrainian hacktivists to send out pleas to Russian citizens in the hopes that they would speak out against the conflict in Ukraine. The ILIT300 dubbed their operation #OpPhoneKiss. Nataliya Vasilyeva, a Telegraph Moscow correspondent, confirmed she received one of the phone calls.March 8: Russian government websites compromised through stats widgetThe Russian Ministry of Economic Development\u00a0press service said\u00a0some of Russia's federal agencies' websites were compromised in a supply chain attack after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies. The hackers were able to publish incorrect content on the pages of the websites.March 9: Cybercriminals exploit Ukrainian sympathizersResearchers at Cisco Talos say opportunistic cybercriminals are trying to exploit Ukrainian sympathizers by offering malware purporting to be offensive cyber tools to target Russian entities. Once downloaded, these files infect unwitting users rather than delivering the tools initially advertised. One threat actor offered a DDoS attack tool for use against Russians. Instead, he delivered an information stealer that infected the unwitting victim with malware designed to dump credentials and cryptocurrency-related information.March 11: Attacks on Russian sites escalated in MarchRostelecom-Solar, the cybersecurity arm of telecom company Rostelecom, the largest digital services provider in Russia,\u00a0said\u00a0efforts to disrupt the operations of company websites in Russia jumped in March, with the number of distributed denials of service (DDoS) attacks already exceeding by mid-March those for the whole of February. Russian government entities and state-owned companies were targeted, with the websites of the Kremlin, flagship carrier Aeroflot and major lender Sberbank among those who experienced outages or temporary access issues.March 11: Dnipro government agency targeted with destructive implantIn its first special report on cyber activity in Ukraine, published on April 27, Microsoft said that a Dnipro government agency was targeted with a destructive implant.March 15: Ukraine Secret Service detains "hacker" helping Russian troops route phone callsThe Security Service of Ukraine (SSU)\u00a0said\u00a0it detained a "hacker" who was providing technical assistance to Russian troops in Ukraine by routing phone calls on their behalf. The hacker also sent text messages to Ukrainian security forces suggesting they surrender.March 15: Feds warn of Russian state actors exploiting MFA, PrintNightmare flawsThe Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA)\u00a0released\u00a0a joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through the exploitation of default multi-factor authentication (MFA) protocols and a critical Windows Print Spooler vulnerability called PrintNightmare to run arbitrary code with system privileges.March 18: Developer sabotages own code to wipe computers in Russia, BelarusRIAEvangelist, the maintainer of a popular open-source software called node-ipc, faced criticism for deliberately\u00a0sabotaging their own code\u00a0to wipe data on computers that used the program in Russia and Belarus. The altered versions of the software deleted all data, overwrote all files on developer's machines, and created new text files with "peace" messages.March 21: Feds reiterate warning of potential malicious Russian cyber activityIn a\u00a0statement\u00a0from the White House, President Biden reiterated that "Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we've imposed on Russia alongside our allies and partners." He also urged "private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year." White House cyber advisor Anne Neuberger also\u00a0appeared\u00a0at a press briefing to urge "companies to take the steps within your control to act immediately to protect the services millions of Americans rely on and to use the resources the federal government makes available.March 21: Russia's top bank warns of malware-laden protestwareSberbank, Russia's largest bank,\u00a0warned\u00a0its users to stop updating software due to the threat of "protestware," open-source projects whose authors altered their code in opposition to Moscow's invasion of Ukraine. Although most of the protestware simply conveys antiwar messages, one project contained malicious code to wipe computers in Russia and Belarus.March 24: U.S. intel analysts say Russia was behind Viasat cyberattackU.S. intelligence analysts\u00a0concluded\u00a0that Russian military spy hackers were behind the cyberattack on Viasat's satellite broadband service that disrupted Ukraine's military communications at the start of the war last month. However, the U.S. government did not formally or publicly attribute that attack to Russia.March 25: U.S., UK charge four Russian officials with critical infrastructure hackingThe U.S. Justice Department and British Foreign Office\u00a0charged\u00a0four Russian officials with the malicious hacking of critical infrastructure around the globe, including the U.S. energy and aviation sectors, between 2012 and 2018. One of the officials charged was an employee at a Russian military research institute accused of working with co-conspirators in 2017 to hack a foreign refinery's systems and install malicious software. The British Foreign Office suggested that the timing of the charges was directly related to Russian President Vladimir Putin's "unprovoked and illegal war in Ukraine."March 27: Top Ukrainian broadband provider knocked out in cyberattackTop terrestrial Ukrainian internet and telephone service provider Ukrtelecom\u00a0was hit\u00a0by \u00a0a massive cyberattack that knocked out its services for hours. Russia denies any involvement in the attack.March 29: Russia accuses U.S. of malicious attacksIn what some see as an omen that Russia plans to ramp up its malicious cyber activity, the Russian foreign ministry\u00a0accused\u00a0the United States of leading a massive "cyber aggression" campaign behind hundreds of thousands of malicious attacks a day while Russia has troops in Ukraine. The foreign ministry said it believed Ukraine's government, which in February announced the formation of an "IT army," was involved and had launched an "offensive cyber force."March 30: Viasat official says cyberattacks are ongoingViasat\u00a0said\u00a0that the multifaceted cyberattack that struck its KA-SAT network resulted in a partial interruption of KA-SAT's consumer-oriented satellite broadband service, crippling tens of thousands of modems. One Viasat official\u00a0said\u00a0that the attacks are ongoing with repeated attempts by the attacker to test the new defenses the company has raised.March 30: Nation-state threat actors are exploiting Ukraine invasion in malicious campaignsGoogle's Threat Analysis Group\u00a0said\u00a0that as part of its efforts to track malicious cyber activity related to Russia's invasion of Ukraine, it had observed government-backed actors from China, Iran, North Korea, and Russia, and various unattributed groups, using Ukraine war-related themes to get targets to open malicious emails or click malicious links. In addition, financially motivated and criminal actors are also using current events to target users.April 1: CaddyWiper used against Ukrainian government entityESET reports that CaddyWiper malware was deployed against a Ukrainian governmental entity on April 1.April 5: CERT-UA says Armageddon threat group targeted organizations with espionage-related malware.The Computer Emergency Response Team of Ukraine (CERT-UA) spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon) that tried to trick victims with lures related to the war to install espionage-focused malware. One attempt targeted Ukrainian organizations, and the other focused on government agencies in the European Union.April 6: U.S. admits secretly removing malware to thwart RussiansU.S. Attorney General Merrick B. Garland said that armed with secret court orders, the United States secretly removed malware from computer networks around the world, a step to pre-empt Russian cyberattacks and send a message to President Putin of Russia. Although it was unclear what the malware was intended to do, it enabled the Russians to create "botnets" controlled by the G.R.U., the intelligence arm of the Russian military.April 7: Meta reveals Ghostwriter hacking group campaignFacebook parent Meta released an adversarial threat report about a hacking group known as "Ghostwriter," which experts believe is linked to Belarus. The campaign targeted Ukrainian soldiers and civilians, including posing as journalists and independent news outlets online to push Russian talking points and seeking to hack the soldiers' accounts. Meta said it had removed a network of about 200 accounts operated from Russia that repeatedly filed false reports about people in Ukraine and Russia to get them and their posts removed from the platformApril 12:\u00a0 CERT-UA reveals Industroyer2 attack on energy facilityThe Government Computer Emergency Response Team of Ukraine CERT-UA responded to an attack on an energy facility in Ukraine that used a new variant of Industroyer malware called Industroyer2, attributed to the Russian state threat group Sandworm. The attack also used several other destructive malware weapons, including CaddyWiper, ORCSHRED, SOLOSHRED, and AWFULSHRED.April 19: Sandworm launches destructive attack on Lviv-based logistics providerIn its second report on Ukrainian cyberattacks published on June 22, Microsoft said that the Russian state-based threat group Iridium, also known as Sandworm, launched a destructive attack on a Lviv-based logistics provider.April 29: Sandworm conducted reconnaissance against Lviv transportation sector networkIn its second report on Ukrainian cyberattacks published on June 22, Microsoft said that the Russian state-based threat group Iridium, also known as Sandworm, conducted reconnaissance against a transportation sector network in Lviv.May 10: U.S. and Western allies attribute Viasat attack to RussiaThe United States and European nations officially attributed the blame for the February 24 attack on satellite provider Viasat, which crippled Ukrainian communications at the outset of Russia's invasion, to Russia. U.S. officials attributed the attack specifically to the Russian intelligence agency GRU.May 20: EU condemns Viasat attackThe European Union and its Member States, together with its international partners, issued a statement saying they strongly condemn the malicious cyber activity conducted by the Russian Federation against Ukraine, which targeted the satellite KA-SAT network, owned by Viasat.May 30: Russians rerouted multiple Ukrainian ISPs' internet trafficRussians rerouted internet traffic in the city of Kherson in south Ukraine from KhersonTelecom, known locally as SkyNet, to a Russian provider. According to senior Ukrainian officials and technical analysis, multiple Ukrainian ISPs were forced to switch their services to Russian providers and expose their customers to the country's surveillance and censorship network.June 15: U.S. boosts funding to VPN companies to meet rising demand in RussiaSources said that a U.S. government-funded nonprofit organization, the Open Technology Fund (OTF), gave three VPN companies, nthLink, Psiphon, and Lantern, at least $4.8 million in U.S. funding between 2015 and 2021, an amount that increased by over half after the Ukraine invasion to cope with the rise in demand in Russia.June 22: Microsoft shares intelligence report on early lessons on cyber war in UkraineMicrosoft published an intelligence report that offers insights on the early lessons regarding cyber incidents in Ukraine and new details about the sophisticated and widespread Russian foreign influence operations surrounding the war.June 27: Russian group Killnet claims credit for attacks on Lithuanian websitesLithuania reported that an "intense, ongoing" cyberattack hit the websites of government agencies and private firms in the country, some of which were aimed at Lithuania's Secure Data Transfer Network, a communications network for government officials that is built to withstand war and other crises, according to the defense ministry. The Russian-speaking hacking group Killnet claimed responsibility for at least some of the hacks, saying they were in retaliation for Lithuania blocking the shipment of some goods to the Russian enclave of Kaliningrad, which is wedged between Lithuania and Poland.July 19: Google says Turla tried to trick hacktivists into using a fake appGoogle researchers reported that a Russian government hacking group called Turla, also known as Snake, Krypton, and Venomous Bear, tried to trick a loose collective of technologists and hacktivists operating under the name Ukrainian IT Army into using a malicious Android app called CyberAzov, which was a fake app to launch Distributed Denial of Service (DDoS) attacks against Russian sites.July 20: Cybercom posts indicators of malwareIn close coordination with the Security Service of Ukraine (SSU), U.S. Cybercom posted 20 indicators of malware compromise that the SSU discovered.July 22: Ukrainian radio station hacked to relay a false message about Zelensky's health\u00a0 A Ukraine's State Service of Special Communications and Information Protection (SSSCIP) spokesperson said that cybercriminals attacked Ukrainian radio station TAVR Media to spread a false message that Ukrainian President Volodymyr Zelensky was in critical condition and under intensive care.July 27: CISA and Ukraine sign memo of cooperation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Ukrainian State Service of Special Communications and Information Protection of Ukraine (SSSCIP) signed a Memorandum of Cooperation (MOC) to strengthen collaboration on shared cybersecurity priorities.July 31: SSSCIP says cyberattacks are increasingThe State Service of Special Communications and Information Protectorate of Ukraine (SSSCIP) released its July War in Ukraine, Pulse on Cyber Defense Report showing increased cyberattacks on public authorities and financial institutions. The report states there were 203 cyberattacks carried out during July.August 2: Ukraine announces bot farm dismantlingUkraine's secret service announced it had dismantled an organized group that created a vast bot farm aiming to discredit the leadership and destabilize Ukraine's social and political situation. The propaganda potential of this bot farm was also used by Russian special services spreading fake news about the situation on the front and carrying out subversive information operations.August 17: Russian-based hackers launch DDoS attack on nuclear power company websiteUkraine's state nuclear power company Energoatom said that Russian-based hackers called "narodnaya kiberarmya," or "popular cyber army," unleashed an hours-long DDoS attack on its website but said significant problems had been avoided. Energoatom said the Russian group used "7.25 million bot users who simulated hundreds of million views of the company's homepage for three hours."August 19: Estonia withstands high-intensity cyberattackEstonia said it successfully withstood a high-intensity but short cyberattack launched by Russia-aligned hackers Killnet, who attempted to take down the websites of government offices, banks, and healthcare providers in the Baltic nation.August 22: Ukraine and Poland sign memo on cooperationThe Ukrainian Ministry of Digital Transformation said that Ukraine and Poland signed a memorandum of understanding on cooperation in cybersecurity.