Ukrainian government and private sector organizations have been the target of 796 cyberattacks since the start of the war on February 24, 2022, when Russia invaded Ukraine.
According to Ukraine’s cybersecurity defense and security agency SSSCIP (short for State Service of Special Communications and Information Protection), the country’s networks have been under a constant barrage of hacking attempts since the war started.
“Enemy hackers continue to attack Ukraine. The intensity of cyberattacks has not decreased since the beginning of Russia’s full-scale military invasion, although their quality has been declining,” SSSCIP said on Thursday.
The country’s government and local authorities, as well as its defense organizations, are the key sectors that have been targeted the most during the first months of the war, in a total of 281 attacks.
The list of industry sectors heavily impacted by cyberattacks also includes the financial, telecom, infrastructure, and energy sectors.
Most of the attacks detected by Ukraine’s cybersecurity defense agency were focused on information harvesting (242 incidents), while the rest aimed to breach, take down, or infect targeted systems with malware.
Russian cyberattacks linked to military strikes
SSCIP’s data aligns with a report published by Microsoft in April when the company revealed the scale of Russian-backed cyberattacks against Ukraine since the February invasion.
Tom Burt, Microsoft’s corporate vice president for customer security and trust, said that Redmond’s security analysts detected multiple Russian hacking groups targeting the country’s infrastructure and Ukrainian citizens in hundreds of attacks aiming to deploy destructive malware on critical systems and disrupt civilian access to reliable information and critical life services.
“Starting just before the invasion, we have seen at least six separate Russia-aligned nation-state actors launch more than 237 operations against Ukraine – including destructive attacks that are ongoing and threaten civilian welfare,” Burt revealed in April.
The Microsoft Threat Intelligence Center (MSTIC) also observed threat groups linked to the GRU, SVR, and FSB Russian intelligence services (e.g., APT28, Sandworm, Gamaredon, EnergeticBear, Turla, DEV-0586, and UNC2452/2652) intensifying their attacks against Ukraine and its allies starting with March 2022.
Burt also highlighted a direct link between Russian-backed cyberattacks and Russia’s military operations, with the timing of hacking attempts closely matching that of missile strikes and sieges coordinated by Russia’s army.
Russia stepping up efforts to hack Ukraine’s allies
“MSTIC has detected Russian network intrusion efforts on 128 targets in 42 countries outside Ukraine,” Smith said.
“These represent a range of strategic espionage targets likely to be involved in direct or indirect support of Ukraine’s defense, 49 percent of which have been government agencies.”
The vast majority of these attacks are mainly focused on gathering sensitive information from government agencies in countries with crucial roles in NATO’s and the West’s response to Russia’s war.
Microsoft also revealed that, since the start of the war in Ukraine, Russian-backed threat groups have succeeded in 29% of their attacks, and, in a quarter of these intrusions, they were also able to exfiltrate stolen data.