Bad Rabbit
Date of report
  • October 2017
  • Believed to be the work of APT 28
Using a tool called Bad Rabbit, a threat actor launched a ransomware operation that encrypted data on networks in Bulgaria, Japan, Russia, Turkey, and Ukraine. The operation is believed to have disrupted the Kiev metro system's payment network and delayed flights at Odessa's airport. In October 2018, the United Kingdom attributed this incident to Russian military intelligence.
Suspected victims
  • Ukraine
  • Bulgaria
  • Japan
  • Turkey
  • Russia
Suspected state sponsor
  • Russian Federation
Type of incident
  • Sabotage
Target category
  • Government
Victim government reaction
  • Unknown
Suspected state sponsor response