Cyber Security II: CyberBerkut

Part II in an ongoing series of cyber threats and capabilities emanating from Russia and Eurasia.

The hacker-group responsible for repeated cyber-attacks on websites affiliated with the new Ukrainian government, NATO, military contractors, and western NGOs.  Taking its name from the former Ukrainian regime’s special police, this organization supports pro-Russian interests.



CyberBerkut is a pro-Donetsk/pro-Russian hacker-group responsible for repeated cyber-attacks on websites affiliated with NATO, Ukrainian nationalists, private military contractors, the Kiev government, and western NGOs. The group emerged following the collapse of the Yanukovych government and the dissolution of Berkut, Ukraine’s special police force.



CyberBerkut rose to prominence in the wake of the EuroMaidan riots after taking credit for a series of distributed denial-of-service (DDoS) attacks. The attacks first targeted NATO websites, taking revenge for the support (including the presence of western political officials at rallies) NATO members provided to the Maidan activists. Since February, CyberBerkut has expanded their activities to target American private military companies, pro-EU political parties, the Central Election Commission of Ukraine, and PrivatBank, one of Ukraine's largest commercial banks.

More significantly, CyberBerkut is credited with leaking the sensitive phone calls of Yulia Tymoshenko (in which she allegedly threatened to kill the ethnic Russian population of Ukraine with nuclear weapons), U.S. Assistant Secretary of State Victoria Nuland (in which covert U.S. support of EuroMaidan was confirmed), and the Estonian Foreign Minister, Urmas Paet (where the existence of pro-Maidan snipers in Kiev was discussed). Authenticity of the calls has been confirmed in the cases of the Estonian Foreign Ministry and the U.S. State Department, while Tymoshenko denied such comments.  


Historical pro-Russian Hackers

CyberBerkut is the latest in a series of hacker-groups that have defended Russia against international opposition. In 2007, Estonia came under a series of cyber-attacks over the Bronze Soldier Controversy.  These attacks targeted the Estonian government, media and bank web servers, nearly crippling the nation’s digital infrastructure. This case is notable because of the country’s high technological sophistication and it’s hosting of the NATO Cooperative Cyber Defence Centre of Excellence.

The 2008 Georgia War also saw a series of cyber-attacks, attacks which may be the first time in which the hacking of open-source political websites was conducted in support of active military operations. The scale of the attacks was great enough to nearly render inaccessible every website affiliated with the Georgian government.



  • DDos Denial-of-Service attacks were prominent in all three conflicts pro-Russian hackers were involved with.
  • The scale and complexity of the attacks appear to be increasing with each passing conflict.
  • No direct link to the Kremlin has ever been found (or publically reported).

Whether state-sponsored or not, the hackers of CyberBerkut appear committed to defending the national interests of Russia and the separatist Donetsk Peoples’ Republic (DPR). The Eurasianist and anti-Atlanticist segments of the Ukrainian population have already taken up an armed struggle against the new Ukrainian government, and it’s no surprise that this fight would carry over into cyber space. In both the armed and cyber conflicts it is probable that the pro-Russia factions receive covert support from Moscow, but confirming this with publically-available sources is highly unlikely.


Likely Courses of Action

  • Continued attacks on networks/websites affiliated with NATO, Ukrainian political parties, western NGOS, and other anti-Russian political groups in Ukraine.
  • Use of familiar tactics (DDos attacks).
  • Continued monitoring of Western or pro-Western officials.
  • Continued actions in support of Russian geopolitical interests.