Russia has been launching cyber attacks

against the Ukrainian government's private industry,

even critical infrastructure

that truly have no precedent in history.

These are some of the most disruptive cyber attacks

we've ever seen.

I'm Andy Greenberg.

I am a senior writer with Wired

and the author of the book, Sandworm,

and I am going to walk you through the history

of Russia's cyber attacks against Ukraine.

Right now, of course, there is an actual full-scale

Russian invasion of Ukraine taking place.

Ukraine is now the epicenter of Russia's conflict

with the west, as it has been in some ways

sort of under the radar for last almost decade.

But it also is a country whose recent history

has these lessons about the nature of cyber war.

And it's a country where we can look

to understand what Russia is capable of

in its digital disruption and how to be prepared for it.

2014, Russia hacks the Ukrainian

Central Election Commission.

In 2014, Ukraine has a revolution

and it pulls away from Russia's sphere of influence.

And then, later that year,

as it's having its first presidential election,

Russian state sponsored hackers break

into its Central Election Commission

and essentially try to fake the results.

They plant a spoofed image that seems to show

that this far right candidate has won by a landslide.

In fact, he won single digit percentages of the votes.

Now, actually, the Central Election Commission

caught this fake results in time and managed to foil this,

but Russian TV nonetheless broadcast those fake results

which kinda shows how they were working in league

with these hackers.

Putin and the Kremlin have always wanted

to paint the new Ukrainian democratic government

as controlled secretly by neo-Nazis

and so trying to spoof that the results showed

that the actual winner of the election

was this super far-right candidate was just another kind

of beat in that campaign of this information.

2015, Russia hacks Ukraine's power grid.

A now notorious group of state sponsored hackers,

called Sandworm, takes over Russia's cyber warfare

in Ukraine.

And they launch a whole series of attacks

that hits Ukrainian media government agencies.

And then, just before Christmas, they cap all this off

with a cyber attack on the Ukrainian power grid,

which is the first time in history

that hackers actually trigger a blackout.

But just to kind of add insults to injury,

Sandworm also destroyed hundreds of computers

inside of these utilities.

They bombarded them with fake phones calls,

just to add an extra layer of chaos,

and they even turned off the backup power supply

to the control rooms themselves

so that these operators were thrown into a kind

of blackout in the midst of their own blackout.

This blackout really only lasted six hours or so

before Ukrainians were able

to manually switch the power back on.

But I think it was intended to have a kind

of terrorizing effect and it shocked the world.

And it also kind of gave Sandworm this reputation as,

perhaps, the most disruptive,

the most cyber war-oriented hacker group in the world.

2016, Sandworm attacks Ukraine's power grid again,

this time in Kyiv.

About a year after Sandworm's first attacks in Ukraine,

it returns with another, even more severe collection

of cyber attacks against Ukrainian government agencies,

its Ministry of Defense and infrastructure and finance.

The hackers destroyed terabytes of data

on these agency networks.

They actually wiped the country's national budget

for the year.

This series of cyber attacks culminates in an attack

on the power grid, causing another blackout,

this time in the capital of Kyiv.

The second blackout only lasted an hour, but,

in some ways it was nonetheless kind of escalation

of what Sandworm had inflicted the year before.

They actually disabled safety systems

in this transmission station,

with the intention that, when the Ukrainian operators rushed

to turn the power back on,

they might have caused an overload of currents

on power lines, or even exploded a transformer.

Truly dangerous and physically destructive effects

of a kind that we had never seen before

inside of an electrical utility.

And that only failed because of a tiny misconfiguration

in Sandworm's malware.

2017, Sandworm releases the Notpetya Malware.

That morning of June 27, 2017,

Ukrainians across the country began

to see this ransomware message appear

on computers in all sorts of networks, from private industry

and banks to government agencies, hospitals.

It seemed to be encrypting computers and demanding a ransom

in the ways that cyber criminal hackers often do.

But even when you paid the ransom,

you couldn't recover your files.

It was actually a data destroying piece of code,

designed to cause maximum chaos.

And then, because internet worms do not generally stay

within national boundaries,

it spread to the rest of the world.

Notpetya immediately hit companies like Maersk,

the world's largest shipping firm, and FedEx and Mondelez,

which owns Cadbury and the Nabisco,

and Merck, the pharmaceutical giants.

In the case of Maersk, for instance, that meant

that tens of thousands of trucks were lining up outside

of terminals and ports around the world

and ships with thousands and thousands of containers

on them are arriving at those ports

and nobody knows what is on them.

For Merck, it meant they had to borrow their own HPV vaccine

from the Center for Disease Control

because their manufacturing was shut down.

In each of these cases, these companies lost hundreds

of millions of dollars, more than a billion in some cases,

all because of this one cyber attack

that had spilled out from Ukraine.

What comes next?

In the years after Notpetya, Sandworm hit other targets

around the world, including the 2018 Winter Olympics

in PyongChang, Korea to the nation of Georgia,

where they shut down television stations in 2019.

But we haven't seen Sandworm reappear

in any obvious way in Ukraine.

Now, just before the full-scale physical Russian invasion

of Ukraine that occurred on February 24th,

we did see another round of cyber attacks

that destroyed hundreds of computers

in Ukrainian government and military agencies,

although we don't have any conclusive evidence yet

that it really was Sandworm this time.

Now in the midst of this invasion,

cyber war has been a pretty secondary element at best.

People are dying by the thousands,

refugees are fleeing the country.

That is, of course, the context in which anything I say

about cyber war has to be framed.

It might even make a tax on computer systems

seem kind of trivial.

But I think that now that we understand Russia's

cyber warfare playbook, now that we see what Sandworm

is capable of, we have to kind of reckon

with those capabilities.

Russia is now in this conflict with the west as a whole.

It's been isolated and sanctions and we'll have

to grapple the fact that Russia can unleash these sorts

of cyber attacks on Western targets

if it feels like it's been put into a corner,

whether that's comes in the form of data-destroying malware

or attacks on power grids or even something

like Notpetya again.