Russian hackers have shifted their focus in Ukraine from disruption to cyber espionage, data theft and psychological operations, according to a report by Ukraine’s State Service of Special Communications and Information Protection.
The Kremlin has now targeted energy infrastructure, and hackers increasingly exploit software vulnerabilities inside service providers’ infrastructure and use island hopping to gain access to end targets.
The report revealed that 1,148 of the 2,194 cyber incidents investigated last year posed a critical, high-level risk, with most targeting the military, security and defence sectors.
At the same time, the government APT hacking teams that actively engaged in cyber operations against Ukraine included the Federal Security Service unit called Gamaredon, aka Actinium, which carried out a large number of attacks in the second half of 2022; the GRU military intelligence unit APT28, aka Strontium and Fancy Bear; SVR units APT29, aka Nobelium and Cozy Bear; and UAC-0035, aka InvisiMole, which focuses on cyber espionage.
Russian hackers also employed “four-hop supply chain attacks” against Ukraine’s energy infrastructure; these attacks were at their highest at the end of 2022.
The decline in phishing attacks appears to have been a response to Ukraine’s IT teams migrating more government systems to the cloud, backed by service providers’ email filtering and protection.
While that doesn’t eliminate the risk posed by social engineering and individuals who fall victim to well-crafted phishing emails, it has taken a bite out of the impact of malicious Russian emails carrying information-stealing malware.
The changing tactics of Russian hackers reflect a shift from the quick invasion military planners envisioned to the relative stalemate that now persists in the region. As military efforts stalled, Putin ordered assaults on civilian infrastructure.