Russian Cyber Attacks on Ukraine Increased by 250% in 2022, with Intense Focus on Government, Military, and Critical Infrastructure Sectors

According to a joint report by Google's Threat Analysis Group (TAG) and Mandiant, Russian cyber attacks against Ukraine surged by 250% in 2022 compared to two years ago. The attacks, which have persisted following Russia's military invasion of Ukraine in February 2022, have heavily targeted Ukrainian government and military entities, as well as critical infrastructure, utilities, public services, and media sectors.

The report indicates that there have been more destructive cyber attacks in Ukraine during the first four months of 2022 than in the previous eight years, with attacks peaking around the start of the invasion. The attacks have been carried out using six unique wiper strains, suggesting that Russian threat actors are willing to forgo persistent access.

In addition to the attacks on Ukraine, phishing attacks aimed at NATO countries witnessed a 300% spike over the same period, driven by a Belarusian government-backed group dubbed PUSHCHA, which is aligned with Russia.

TAG's Shane Huntley noted that "Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results." Key actors involved in the efforts include FROZENBARENTS, FROZENLAKE, COLDRIVER, FROZENVISTA, and SUMMIT.

The invasion has also been accompanied by the Kremlin engaging in covert and overt information operations designed to shape public perception, with the aims of undermining the Ukrainian government, fracturing international support for Ukraine, and maintaining domestic support for Russia.

The ongoing conflict has led Chinese government-backed attackers to shift their focus toward Ukrainian and Western European targets for intelligence gathering.

The report also highlights a notable shift in the Eastern European cybercriminal ecosystem, blurring the lines between financially motivated actors and state-sponsored attackers. The development points to UAC-0098, a threat actor that historically delivered the IcedID malware, repurposing its techniques to assault Ukraine as part of a set of ransomware attacks.

The disclosure comes as the Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing emails targeting organizations and institutions that purport to be critical security updates but contain executables that lead to the deployment of remote desktop control software on the infected systems.

Despite Russia's failure to substantively advance its agenda through cyber operations, the report notes that it maintains its intent to bring Ukraine under Russian control, while also highlighting its burgeoning military cooperation with Iran and North Korea. The report concludes that cyber will continue to play an integral role in future armed conflict, supplementing traditional forms of warfare.
