Copyright © 2024 Euromaidanpress.com

The work of Euromaidan Press is supported by the International Renaissance Foundation

When referencing our materials, please include an active hyperlink to the Euromaidan Press material and a maximum 500-character extract of the story. To reprint anything longer, written permission must be acquired from [email protected].

Privacy and Cookie Policies.

Russian hackers adopt new cyberwarfare tactics against Ukraine

The cyber battlefield continues to evolve, with Russian hackers shifting from broad, destructive attacks to stealthy, targeted operations aimed at the heart of Ukraine’s war effort and supply chains.
Illustrative image, photo via Wikimedia.
Illustrative image, photo via Wikimedia.
Russian hackers adopt new cyberwarfare tactics against Ukraine

The Ukrainian government reports that Russian hackers switched their focus in the first half of 2024 on everything, directly related to the theater of war and supply chain attacks.

This change not only poses new challenges for Ukraine’s defense systems but also serves as a critical case study for other nations and organizations worldwide. The resilience of Ukrainian IT infrastructure in the face of these evolving threats highlights the importance of adaptive cybersecurity measures and international cooperation in countering advanced persistent threats.

As reported by Ukraine’s State Special Communications Service in the analytical report ‘Russian Cyber Operations’ (H1 2024), at the start of the full-scale Russian invasion in 2022, Russian hackers focused on attempts to destroy IT systems in the critical infrastructure sector, as well as obtaining databases and lists.

In addition, they also were actively conducting campaigns against media and commercial organizations. Russian hackers attacked flaws, vulnerabilities, and exploited easy opportunities.

In 2023, their strategy gradually shifted to more covert operations with a goal of acquiring information and using a cyber component to receive feedback on the results of kinetic strikes. The Ukrainian government reports that ”Ukrainian IT showed its resilience and ability to quickly recover from breaches.”

In 2024, Ukraine observes a shift in the focus of Russian hackers to everything that is directly related to the theater of war and supply chain attacks, with the aim of remaining invisible for as long as possible, maintaining a presence in Ukrainian systems that have a connection with war and state activities.

Cyber threats and methods

The document outlines cybersecurity trends and threats observed in the first half of 2024, continuing patterns from late 2023. Cyber espionage attacks primarily used targeted email campaigns to distribute malicious software. Eight significant cyber threat clusters were identified, including groups from Russia, China, and occupied territories.

At the beginning of 2024, the Russian hacker group UAC-0050 was responsible for most malicious email campaigns, with up to five incidents weekly. However, their activity declined by March and ceased by April. Groups UAC-0149 and UAC-0184 then became more prominent, using sophisticated methods to target individuals in the Defense Forces. Attacks from UAC-0010, operated by Russia’s FSB, have been ongoing since 2014.

The document mentions several unattributed hacker groups possibly linked to Russian government entities like RosGvardia, MVD, and the Federal Protective Service. It also notes that UAC-0006, a group involved in stealing funds from Ukrainian companies, disappeared in March 2024 but resurfaced in May.

During UAC-0006’s absence, several ransomware attacks occurred, encrypting data in commercial companies’ networks, including backups. The only recovery option for affected companies was to comply with the attackers’ demands.

Hackers are increasingly targeting messenger accounts to spread malware and phishing campaigns, aiming to compromise high-value targets and exploit messaging histories. This tactic is used for both espionage and financial gain, the document states.

The document highlights the risk of pre-packaged backdoors in pirated software leading to system infections. It acknowledges the importance of international support in providing licensed software and security tools to minimize these risks.

However, it emphasizes that this support alone is insufficient, stressing the critical need for licensed software such as Windows, Office, EDR, MDM, SIEM, and IDM for both Ukrainian military and civilian organizations to avoid vulnerabilities from unlicensed software.

Related:

You could close this page. Or you could join our community and help us produce more materials like this.  We keep our reporting open and accessible to everyone because we believe in the power of free information. This is why our small, cost-effective team depends on the support of readers like you to bring deliver timely news, quality analysis, and on-the-ground reports about Russia's war against Ukraine and Ukraine's struggle to build a democratic society. A little bit goes a long way: for as little as the cost of one cup of coffee a month, you can help build bridges between Ukraine and the rest of the world, plus become a co-creator and vote for topics we should cover next. Become a patron or see other ways to support. Become a Patron!

To suggest a correction or clarification, write to us here

You can also highlight the text and press Ctrl + Enter

Please leave your suggestions or corrections here



    Euromaidan Press

    We are an independent media outlet that relies solely on advertising revenue to sustain itself. We do not endorse or promote any products or services for financial gain. Therefore, we kindly ask for your support by disabling your ad blocker. Your assistance helps us continue providing quality content. Thank you!

    Related Posts