According to Atlas VPN, Russian hackers have become increasingly sophisticated in their attacks against the government and IT organizations of Ukraine and its allies.
The attacks appear to be well-funded and organized, leading some to speculate that the Russian government is responsible. The cyberattacks were designed to steal private data, interfere with systems, and create havoc in the targeted nations.
The government sector was by far the most frequently targeted sector between February 2022 and January 2023, according to a recent Microsoft Threat Intelligence report.
Microsoft's team found 46 coordinated cyberattacks against various governmental entities.
Russian threat actors also targeted IT and communications firms, with 17 attacks in the past year.
The energy sector was also among the most targeted industries, having experienced 16 cyberattacks.
Between January 12 and January 28, 2023, a phishing campaign was launched by the alleged Russian threat actor IRIDIUM to gain access to accounts at Ukrainian companies operating in the energy and defense industries.
The government and telecommunications sectors are important for maintaining national security, and the energy sector contributes significantly to Ukraine's revenue. As such, these sectors fit the traditional targets of Russian cyberattacks in that country.
A variety of strategies have been employed by Russian hackers to breach IT and governmental institutions. Spear-phishing is one of the techniques used, and it entails sending emails with malicious links or attachments that, when clicked, infect the targeted computer with malware.
Hackers are now also using zero-day exploits, which take advantage of software flaws that the software vendor is not yet aware of, to carry out increasingly sophisticated attacks.
The potential for harm to critical infrastructure is one of the most worrisome aspects of these attacks. Ukrainian infrastructure for energy and transportation has already been the target of Russian hackers.
Attacks Outside of Ukraine
These attacks hit a variety of targets in addition to the Ukrainian government and IT companies. Russia has also taken aim at businesses in other nations, including NATO members, in an effort to disrupt their operations and obtain access to sensitive data.
Microsoft noted that Russian nation-state threat activity had targeted businesses in 74 countries, excluding Ukraine, between February 23, 2022, and February 7, 2023.
EU and NATO member states, notably those on the eastern border, lead the list of the top 10 most vulnerable states, according to the volume of reported threats.
Just as in Ukraine, government and IT sector enterprises were of particular interest to Russian threat actors in the 74 nations they attacked.
There were 100 cyberattacks on the government and 51 such attacks on the IT and communications industries.
Hackers abuse IT companies' established technological connections to obtain access to their clients in sensitive institutions, such as government bodies and organizations that affect policy.
Hackers also focused heavily on non-profit organizations, attempting to thwart their operations with 31 cyberthreats over the course of the previous year.
Sophisticated cyberattacks were also conducted against businesses in the energy and education sectors, with 16 threats apiece.