Government and private sector organizations in Ukraine have been targeted by 796 cyberattacks since February 24, just after the Russian invasion of Ukraine.

A barrage of targeted attacks

According to Ukraine's SSSCIP, the country's networks face constant hacking attempts by Russian hackers.
  • The country's government, local authorities, and defense organizations are the sectors that have been targeted the most during the first months of the war, with 281 attacks.
  • Additional sectors heavily impacted by cyberattacks include energy, telecom, infrastructure, and finance.
  • Most attacks focused on information harvesting (242 events), along with breach, takedown, or malware deployment.

Some recent attacks

Recently, Russian cybercriminals carried out a cyberattack on Ukraine's biggest private energy conglomerate, DTEK Group, as an act of revenge for its owner's opposition to Russia's war in Ukraine.
  • Last month, the Ukrainian CERT warned that Russia's APT28 group was using the Follina vulnerability in its phishing campaigns. They deployed Cobalt Strike beacons and CredoMap.
  • CERT-UA had spotted one more campaign, launched by the threat group UAC-0098, abusing Follina. They were using a DOCX file and the Cobalt Strike beacon (ked[.]dll) payload.

Conclusion

Ukraine has already faced many cyberattacks originating from Russia-based or Russia-supported hackers since the invasion. The present trend also shows that the hackers will not be halting their operations anytime soon. Private and government organizations are advised to follow CERT-UA for recommendations and mitigations against the ongoing barrage of Russian cyberattacks.
Cyware Publisher
