Russian cyberattacks against Ukraine have significantly escalated in the first half of 2024, according to an analytical report released by the State Service of Special Communications and Information Protection of Ukraine (SSSCIP).
The report reveals a substantial increase in cyberattacks against government institutions, local authorities, and key sectors such as defense and energy. The number of cyber incidents processed in these sectors has more than doubled compared to the previous year. Among the most common tactics used by Russian hackers are phishing attacks and the deployment of malware, aimed at both espionage and sabotage.
Phishing campaigns and malicious software have been observed to be the primary tools used by Russian hackers to infiltrate Ukrainian military, governmental, and critical infrastructure systems. Hackers are also exploiting vulnerabilities to steal intelligence and assess the outcomes of military operations, using cyber elements to gather feedback on kinetic strikes.
Aside from espionage, Russian hacker groups have ramped up efforts to disrupt civilian infrastructure. These destructive cyberattacks, which are far cheaper than missile strikes but can have equally devastating effects, are increasingly used to target Ukraine's critical infrastructure.
Since early 2024, Russian hackers have shifted from outright destruction to securing long-term footholds in Ukrainian networks. By maintaining a covert presence in these systems, they gather intelligence critical to military operations and strategic objectives. The CERT-UA team (Cyber Emergency Response Team of Ukraine) reported a 19% increase in cyber incidents during the first half of 2024, with a notable 40% rise in malware distribution and a 90% increase in infections.
The Russian hacker group UAC-0050 was particularly active at the start of the year, launching frequent email campaigns distributing malware. However, by mid-year, the activity of other groups, such as UAC-0149 and UAC-0184, came to prominence, with a more sophisticated approach that targeted individuals within Ukraine's Defense Forces.
The report also warns of the increasing use of cyberattacks aimed at critical infrastructure in Ukraine. In particular, energy networks and security organizations are prime targets for sabotage, with the potential to cause widespread disruption. These cyberattacks are designed not only to disrupt operations but also to gather valuable information that could be used to inform future military strikes or to destabilize the country.
The financial sector has also been affected, with ransomware attacks becoming more prevalent. In these incidents, hackers encrypt data and demand payment for decryption keys, leaving organizations with no choice but to comply or risk losing access to vital information.
On a related note, the PwC threat intelligence unit has released a report analyzing the web infrastructure linked to COLDWASTREL (aka White Dev 185 and UAC-0102), a Russian threat actor known for its attacks on NGOs.