
A new joint report by Google’s Threat Analysis Group (TAG) and Mandiant reveals that Russian cyberattacks against Ukraine surged 250% in 2022 compared to two years ago.
The targeting coincided with, and has continued since, the country’s military invasion of Ukraine in February 2022, focusing on Ukrainian government and military organizations alongside critical infrastructure, utilities, public services and media sectors. Emphasis is placed on
“The first four months of 2022 saw more devastating cyberattacks in Ukraine than in the previous eight years, with attacks peaking around the start of the invasion,” said Mandiant.
As many as six unique strains of wipers, including WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, and SDelete, have been deployed against Ukrainian networks, suggesting Russian actors are attempting to withhold persistent access.
Phishing attacks targeting NATO member states surged 300% over the same period. These efforts were driven by a Russia-affiliated group called PUSHCHA (aka Ghostwriter or UNC1151), which is backed by the Belarusian government.
“Russian government-backed attackers have made aggressive and multi-pronged efforts to gain a decisive wartime advantage in cyberspace, often with mixed results,” said TAG’s Shane Huntley.
Key actors involved in this effort include FROZENBARENTS (aka Sandworm or Voodoo Bear), FROZENLAKE (aka APT28 or Fancy Bear), COLDRIVER (aka Callisto Group), FROZENVISTA (aka DEV-0586 or UNC2589), and SUMMIT (aka Turla or Venomous Bear).

Aside from the increased intensity and frequency of operations, the aggression has also been accompanied by the Kremlin engaging in secret and overt intelligence operations designed to shape public perception, with the aim of undermining the Ukrainian government, destroying international support for Ukraine, and preserving support in Russia.
“GRU-sponsored attackers can use access to steal sensitive information, expose it to the public to advance the narrative, or use the same access to conduct devastating cyberattacks and information manipulation campaigns.” It was
This development further points to “notable changes in the cybercrime ecosystem in Eastern Europe,” in a way that blurs the lines between financially motivated actors and state-sponsored attackers.
This is evidenced by the fact that UAC-0098, the threat actor that delivered IcedID malware in the past, has been observed repurposing its technology to attack Ukraine as part of a series of ransomware attacks.
Some members of UAC-0098 are believed to be former members of the now-defunct Conti cybercriminal group. TrickBot, which was absorbed into Conti’s operations before it was shut down last year, has also become a method of systematically targeting Ukraine.
Due to the ongoing conflict, Chinese government-backed actors such as CURIOUS GORGE (a.k.a. UNC3742) and BASIN (a.k.a. Mustang Panda) have shifted their intelligence gathering focus to targets in Ukraine and Western Europe.

“It is clear that cyber will continue to play an integral role in future armed conflicts, complementing traditional forms of warfare,” said Huntley.
The disclosure comes as the Ukrainian Computer Emergency Response Team (CERT-UA) warned about phishing emails targeting organizations and institutions that claim to be a critical security update but actually contain an executable file that leads to the deployment of remote desktop control software on infected systems.
CERT-UA attributed this operation to a threat actor it tracks under the name UAC-0096, which was previously detected employing the same modus operandi in the weeks leading up to the war in late January 2022.
“It has been a year since Russia launched its full-scale invasion of Ukraine, but Russia is still struggling to overcome months of strategic and tactical failures and has not succeeded in bringing Ukraine under its control,” said cybersecurity firm Recorded Future in a report released earlier this month.
“Despite Russia’s traditional military retreat and failure to materially advance its plans through cyber operations, Russia maintains its intention to bring Ukraine under Russian control,” it added, also emphasizing “rapid military cooperation with Iran and North Korea.”