Russian-aligned threat actors are moving away from broad information-stealing campaigns across Ukraine to focus on cyber espionage targeting military infrastructure, Ukrainian authorities have found in their latest mid-year cyber report.
Cyber-attacks against Ukraine’s security and defense sectors doubled between the second half of 2023 (111) and the first half of 2024 (276), according to analysis by Ukraine’s State Service of Special Communications and Information Protection (SSSCIP).
In its Russian Cyber Operations (H1 2024) report, the SSSCIP observed that Russian-aligned adversaries primarily focused on anything directly connected to the theater of war and attacks on service providers during the first half of 2024.
Notably, five threat groups attributed to Russia, UAC-0184, UAC-0020, UAC-0149, UAC-0200, and UAC-0180, were particularly active, using various versions of remote access Trojans (RATs) and other malware to maintain and remotely control compromised Windows computers belonging to members of the Ukrainian Defense Forces.
This new strategy has evolved since 2022, when Russian threat actors primarily attempted to dismantle the IT infrastructure of organizations within the critical infrastructure sector and exfiltrate databases and personal data. Then, in 2023, their main goal was to collect information across all Ukrainian sectors.
19% Rise of Cyber-Attacks Targeting Ukraine
The SSSCIP report also showed that overall registered cyber incidents amounted to 1739 in the first half of 2024, a 19% rise compared to the previous reported period.
However, this increase is mainly due to a boom in low- and medium-severity incidents, while high- and critical-severity incidents decreased.
Finally, the report found that cyber adversaries targeting Ukraine have increased their reliance on malware to conduct their campaigns, with 196 infections involving malicious software in the first half of 2024, up from 103 during the previous period.
This trend is mainly due to an increased use of pirated software pre-packaged with backdoors.
“We must also emphasize that providing licensed software such as Windows, Office, EDR, MDM, SIEM, and IDM is critically important for both Ukrainian military and civilian organizations to avoid vulnerabilities arising from malware infections through unlicensed software,” the report concluded.
The report was based on data collected by CERT-UA, SOC-SSCIP, and other SSSCIP cyber divisions.