Russia changes cyber attack tactics on Ukraine
According to a report by Ukraine's Special Service for Information and Communications Protection (SSSCIP), cyberattacks by Russian-linked threat actors have shifted to targeting any systems directly involved in the war.
The SSSCIP report said that although the number of serious and high-severity cyberattacks in Ukraine has decreased significantly, down 85% compared to the same period last year, the total number of cyberattacks has increased by 19% compared to the second half of 2023. Notably, the number of investigated cyber incidents targeting the security, defense and energy sectors has doubled.
In 2022, as the war raged, Russian hackers changed their approach. Instead of going after easy targets like poorly secured companies and organizations, they began targeting Ukraine’s critical systems, such as computer systems and communications networks. Their goal was to destroy these systems, steal critical data, and disrupt communications.

When the old method was no longer effective, in 2023, Russian hackers changed their target. This time, they attacked Ukrainian internet companies, ministries, and government agencies. The goal was to disrupt the government's operations and make things difficult for the people. However, the Ukrainians quickly repaired the damage.
In 2024, the situation in Ukraine has become more complicated as Russian hackers have changed their targets. Rather than pursuing other targets, they focus on those directly involved in the war, such as companies that provide services to the military. Their goal is to quietly penetrate these systems to cause chaos and gather information.
"Hackers are not only exploiting every weakness, but are also focusing on attacking important systems that help the military operate more effectively," warned Ms. Yevheniya Nakonechna, head of SSSCIP.
In the first 6 months of 2024, only 3 serious cyber incidents were recorded, a significant decrease from 31 incidents in the second 6 months of 2023 and 27 incidents in the first 6 months of 2023. Most incidents occurred at a moderate level, with the number increasing by 32% compared to the same period last year.
The number of attacks targeting the security and defense sector more than doubled, from 111 in the second half of 2023 to 276 in the first half of 2024. Ukraine observed activity from eight cyber threat groups, some of which may be linked to the Russian National Guard (RosGvardia), the Russian Ministry of Internal Affairs, the General Staff, and the Special Communications Service.
Recently, the cyber security situation in Ukraine has become alarming as the number of malware infections has increased dramatically, reaching 90%. The main cause has been identified as the mass downloading and use of pirated and unofficial software by users. Such software often contains malicious code, creating opportunities for hackers to infiltrate and steal personal data, disrupt system operations, and even paralyze important national infrastructure.
Cyberattacks targeting Ukraine are not limited to destroying systems, but are also used for illegal profit. Russian hackers have deployed sophisticated campaigns to infiltrate and steal accounts on popular messaging apps such as WhatsApp and Telegram.
In March 2024, the Sandworm hacker group launched a sophisticated cyberattack targeting 20 Ukrainian energy infrastructure units. By exploiting a vulnerability in the system of a utility company, they were able to simultaneously attack several critical infrastructure facilities. The consequences of this attack were severe, causing widespread power outages, water shortages, and lack of heating, affecting the lives of millions of people and causing huge economic losses to the country.
The SSSCIP report concluded: "The cyber war shows no signs of stopping. Enemies are always looking to exploit every vulnerability to collect intelligence, especially targeting military personnel and government agencies. Cyber attacks are becoming more and more sophisticated, from sending phishing emails to steal passwords, to infecting computer systems with malware to steal important data. Their goal is not only to steal information but also to disrupt the operations of state agencies, cause public panic and weaken the fighting spirit of the army."