The Computer Emergency Response Team of Ukraine (CERT-UA) has detected and analyzed more than 1,500 cyberattacks launched by threat actors against Ukraine since Russia had unleashed war on the country in late February 2022, the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) revealed.
According to the agency, most of the attacks have been launched from Russia.
Between September and December 2022, the Ukrainian defenders have observed multiple malicious operations coming from numerous Russian and pro-Russian hacker groups, including those believed to be affiliated with Russian security and intelligence agencies such as Armagedon (aka Gamaredon, Primitive Bear), which CERT-UA tracks as UAC-0010, Sandworm (UAC-0082), APT28 (Fancy Bear, UAC-0028), APT29 (Cozy Bear, UAC-0029), and UNC1151/Ghostwriter (UAC-0051). The letter APT group is thought to be working on behalf of Belarus Ministry of Defense. The government in Belarus has supported Russia since the start of the war in Ukraine by providing weapons, military bases and logistical support.
The list of attackers also includes pro-Russian cyber terrorists such as Xaknet, Killnet, Z-Team, Cyberarmyofrussia_reborn (tracked as UAC-0106, UAC-0108, UAC-0109, UAC-0107 respectively).
Primary objectives of the hackers include espionage, more specifically, obtaining intelligence regarding logistics, armaments, plans and operations of the Security and Defense Forces; attempts to cripple critical information infrastructure facilities, block access to public, banking services, and disseminate false or misleading information to undermine public confidence in capabilities of the public authorities, the Security and Defense Forces, and spread panic among people.
“But nonetheless, russia-affiliated groups are still unable to achieve their strategic purpose and inflict substantial damage to our infrastructure,” the SSSCIP assured.