{ "id": "d48a3984-d8b7-4b9c-b0ac-9fc54b32fd03", "created_at": "2026-04-06T00:16:35.859434Z", "updated_at": "2026-04-10T13:12:39.823497Z", "deleted_at": null, "sha1_hash": "4b333701d43e06b6dc3036d0c17acdca6ddd5444", "title": "Ukraine sentences two hackers from Russia-linked Armageddon group", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 79531, "plain_text": "Ukraine sentences two hackers from Russia-linked Armageddon\r\ngroup\r\nBy Daryna Antoniuk\r\nPublished: 2024-10-09 · Archived: 2026-04-05 13:32:07 UTC\r\nTwo hackers affiliated with the Russian federal security service (FSB) have been sentenced in absentia to 15 years\r\nin prison in Ukraine for carrying out cyberattacks against state institutions, according to a government statement\r\non Tuesday.\r\nThe pair is reportedly connected to a hacking group tracked as Armageddon, which is considered “the most\r\nengaged” state-sponsored threat actor in the country, according to previous research.\r\nArmageddon, also known as Gamaredon, has been active since at least 2013 and likely operates from the Russian-occupied Crimean Peninsula. The group is believed to act on orders from Russia’s FSB.\r\nIn its statement, Ukraine’s security service (SBU) didn’t identify the sentenced individuals by name but stated that\r\nthey were former employees of the security agency based in Crimea who “betrayed their oath” in 2014 when\r\nRussia annexed the peninsula.\r\nIt is likely that the SBU referred to Oleksandr Sklianko and Mykola Chernykh, two Armageddon-linked hackers\r\nwho were added to the European Union sanctions list earlier in June and were previously alleged to be officers in\r\nthe counterintelligence branch of the FSB in Crimea.\r\nA source in Ukrainian law enforcement confirmed to Recorded Future News that the SBU’s statement indeed\r\nreferred to Sklianko and Chernykh. The source asked not to be identified so they could speak freely about the\r\ncase.\r\nThe European Council’s sanctions accused the two Russians of conducting cyberattacks “with a significant impact\r\non the governments of EU member states and Ukraine, including by using phishing emails and malware\r\ncampaigns.” On Tuesday the EU issued a statement condemning Russian “hybrid activities” against critical\r\ninfrastructure and other targets.\r\nAccording to the Ukrainian investigation, the attackers carried out more than 5,000 cyberattacks on Ukrainian\r\ncritical infrastructure facilities and state institutions, including the systems of the Ministry of Foreign Affairs and\r\nthe Ministry of Economic Development.\r\nThe goal of these attacks was “to gain access to electronic documents and servers with secret government data,”\r\nthe SBU said. The hackers were found guilty of treason and gaining unauthorized access to computers. \r\nThe trial was conducted in the absence of the accused, and their current whereabouts were not specified. The\r\nsentence will begin from the date of the actual apprehension of the convicts, according to the statement.\r\nhttps://therecord.media/ukraine-in-absentia-sentencing-russia-armageddon-gamaredon-hackers\r\nPage 1 of 3\n\nIn 2021, Ukraine identified eight members of Armageddon by listening to intercepted phone conversations.\r\nSklianko and Chernykh were among them.\r\nUkraine stated that Armageddon is one of the most dangerous threat actors targeting the country during its war\r\nwith Russia. The group primarily conducts cyberespionage operations against Ukrainian security and defense\r\nservices, but it has also been linked to at least one destructive cyberattack against an unspecified information\r\ninfrastructure facility.\r\nAccording to recent research by the Slovakia-based cybersecurity firm ESET, the group has also attempted to\r\nattack Ukraine’s allies in several NATO countries, including Bulgaria, Latvia, Lithuania, and Poland. The volume\r\nof Armageddon’s attacks on Ukraine is prolific. In 2022 and 2023, researchers observed more than a thousand\r\nunique devices in Ukraine targeted by the group.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/ukraine-in-absentia-sentencing-russia-armageddon-gamaredon-hackers\r\nPage 2 of 3\n\nDaryna Antoniuk\r\nis a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in\r\nEastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for\r\nForbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.\r\nSource: https://therecord.media/ukraine-in-absentia-sentencing-russia-armageddon-gamaredon-hackers\r\nhttps://therecord.media/ukraine-in-absentia-sentencing-russia-armageddon-gamaredon-hackers\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://therecord.media/ukraine-in-absentia-sentencing-russia-armageddon-gamaredon-hackers" ], "report_names": [ "ukraine-in-absentia-sentencing-russia-armageddon-gamaredon-hackers" ], "threat_actors": [ { "id": "81bd7107-6b2d-45c9-9eea-1843d4b9b308", "created_at": "2022-10-25T15:50:23.320841Z", "updated_at": "2026-04-10T02:00:05.356444Z", "deleted_at": null, "main_name": "Gamaredon Group", "aliases": [ "Gamaredon Group", "IRON TILDEN", "Primitive Bear", "ACTINIUM", "Armageddon", "Shuckworm", "DEV-0157", "Aqua Blizzard" ], "source_name": "MITRE:Gamaredon Group", "tools": [ "QuietSieve", "Pteranodon", "Remcos", "PowerPunch" ], "source_id": "MITRE", "reports": null }, { "id": "61940e18-8f90-4ecc-bc06-416c54bc60f9", "created_at": "2022-10-25T16:07:23.659529Z", "updated_at": "2026-04-10T02:00:04.703976Z", "deleted_at": null, "main_name": "Gamaredon Group", "aliases": [ "Actinium", "Aqua Blizzard", "Armageddon", "Blue Otso", "BlueAlpha", "Callisto", "DEV-0157", "G0047", "Iron Tilden", "Operation STEADY#URSA", "Primitive Bear", "SectorC08", "Shuckworm", "Trident Ursa", "UAC-0010", "UNC530", "Winterflounder" ], "source_name": "ETDA:Gamaredon Group", "tools": [ "Aversome infector", "BoneSpy", "DessertDown", "DilongTrash", "DinoTrain", "EvilGnome", "FRAUDROP", "Gamaredon", "GammaDrop", "GammaLoad", "GammaSteel", "Gussdoor", "ObfuBerry", "ObfuMerry", "PlainGnome", "PowerPunch", "Pteranodon", "Pterodo", "QuietSieve", "Remcos", "RemcosRAT", "Remote Manipulator System", "Remvio", "Resetter", "RuRAT", "SUBTLE-PAWS", "Socmer", "UltraVNC" ], "source_id": "ETDA", "reports": null }, { "id": "236a8303-bf12-4787-b6d0-549b44271a19", "created_at": "2024-06-04T02:03:07.966137Z", "updated_at": "2026-04-10T02:00:03.706923Z", "deleted_at": null, "main_name": "IRON TILDEN", "aliases": [ "ACTINIUM ", "Aqua Blizzard ", "Armageddon", "Blue Otso ", "BlueAlpha ", "Dancing Salome ", "Gamaredon", "Gamaredon Group", "Hive0051 ", "Primitive Bear ", "Shuckworm ", "Trident Ursa ", "UAC-0010 ", "UNC530 ", "WinterFlounder " ], "source_name": "Secureworks:IRON TILDEN", "tools": [ "Pterodo" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775434595, "ts_updated_at": 1775826759, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/4b333701d43e06b6dc3036d0c17acdca6ddd5444.pdf", "text": "https://archive.orkl.eu/4b333701d43e06b6dc3036d0c17acdca6ddd5444.txt", "img": "https://archive.orkl.eu/4b333701d43e06b6dc3036d0c17acdca6ddd5444.jpg" } }