Digital transformation

Russia changes its cyberattack tactics against Ukraine.

Phan Van Hoa September 28, 2024 06:24

According to a report by Ukraine's Special Service for the Protection of Information and Communications (SSSCIP), cyberattacks by threat actors linked to Russia have shifted to targeting any systems directly involved in the conflict.

According to the SSSCIP report, although the number of serious and high-severity cyberattacks in Ukraine has decreased significantly, down 85% compared to the same period last year, the total number of cyberattack incidents increased by 19% compared to the second half of 2023. Notably, the number of investigated cyberattack incidents targeting the security, defense, and energy sectors has doubled.

In 2022, when the war broke out, Russian hackers changed their attack methods. Instead of targeting easy targets like companies and organizations with weak security, they began attacking critical Ukrainian systems, such as computer systems and information networks. Their goal was to destroy these systems, steal important data, and disrupt information flow.

Ảnh minh họa
Illustrative image.

When they realized their old methods were no longer effective, in 2023, Russian hackers changed their target. This time, they attacked Ukrainian cybersecurity companies, ministries, and government agencies. Their aim was to disrupt government operations and cause difficulties for the public. However, Ukrainians quickly rectified the damage.

In 2024, the situation in Ukraine became more complicated as Russian hackers shifted their targets. Instead of targeting other entities, they focused on things directly related to the war, such as companies providing services to the military. Their aim was to stealthily infiltrate these systems to disrupt them and gather information.

Yevheniya Nakanechna, head of SSSCIP, warned that: "Hackers are not only exploiting every vulnerability but are also focusing their attacks on critical systems that enable the military to operate more effectively."

In the first six months of 2024, only three serious network incidents were recorded, a significant decrease compared to 31 incidents in the last six months of 2023 and 27 incidents in the first six months of 2023. Most incidents were of moderate severity, with the number increasing by 32% compared to the same period last year.

The number of attacks targeting the security and defense sector has more than doubled, from 111 in the second half of 2023 to 276 in the first half of 2024. Ukraine has observed activity from eight cyber threat groups, some of which may be linked to the Russian National Guard (RosGvardia), the Russian Ministry of Internal Affairs, the General Staff, and the Special Communications Service.

Recently, the cybersecurity situation in Ukraine has become alarming with a dramatic increase in malware infections, reaching 90%. The main cause has been identified as the massive download and use of pirated and unofficial software. This software often contains malicious code, creating opportunities for hackers to infiltrate and steal personal data, disrupt system operations, and even cripple critical national infrastructure.

Cyberattacks targeting Ukraine are not limited to disrupting systems; they are also being exploited for illicit gain. Russian hackers have deployed sophisticated campaigns to infiltrate and steal accounts on popular messaging apps like WhatsApp and Telegram.

In March 2024, the Sandworm hacking group carried out a sophisticated cyberattack targeting 20 Ukrainian energy infrastructure facilities. By exploiting vulnerabilities in the systems of a general service provider, they were able to simultaneously attack multiple critical infrastructures. The consequences of this attack were severe, causing widespread power outages, water shortages, and heating disruptions, affecting the lives of millions of people and causing significant economic damage to the country.

The SSSCIP report concludes: "The cyber war shows no sign of stopping. The enemy is constantly seeking to exploit every vulnerability to gather intelligence, especially targeting military personnel and government agencies. Cyberattacks are becoming increasingly sophisticated, ranging from sending phishing emails to steal passwords to infecting computer systems with malware to steal critical data. Their goal is not only to steal information but also to disrupt the operations of government agencies, create public panic, and undermine the morale of the military."

Phan Van Hoa