Ukraine reports drop in cyberattacks by pro-Russian groups
The State Service of Special Communications and Information Protection of Ukraine published Saturday its cyber incidents report for the first quarter of this year, showing a decrease in the number of attacks by pro-Russian groups targeting the commercial and financial sectors, the government and local authorities, and at the security and defense sectors. At the same time, the intensity of attacks on the energy sector and the mass media remains at the same level.
“Considering the Kremlin’s stepping up its information operations to justify the unprovoked invasion of Ukraine and, thus, creating conditions for a protracted war in Ukraine, there are no fundamental reasons to believe that the trend towards a decrease in the number of cyberattacks targeting Ukrainian organizations of various forms of ownership and industries will continue in the future,” the Ukrainian government agency said in a blog post.
It added that, during the reporting period, the Vulnerability Detection and Cyber Incident and Cyberattack Response System detected 7 million suspicious information security events at initial analysis. It also revealed that it processed 34,000 critical information security events, with potential cyber incidents detected through filtering suspicious IS events and secondary analysis; and 202 cyber incidents were recorded and processed by security analysts directly.
The agency also disclosed that BARAT, Emotet, Cobalt Strike, and Meris represent the most frequently used C2 infrastructure determined as the source of potential network intrusion events or organizational security policy violations detected in incoming network traffic by the Telemetry Collection Subsystem.
“Among the types of malware families detected in the category ‘02 Malicious software code,’ Snake Keylogger, Agent Tesla, LokiBot, PurpleFox, Formbook, Guloader, Remcos, Asyncrat, Azorult, and NanoCoreprevail during the reporting period,” the report added. “Since the beginning of 2023, the number of attacks organized by pro-russian hacktivist groups targeting the commercial, financial, government and local authorities as well as the security and defence sectors has significantly decreased (by 1.5-2.9 times for different sectors) compared to the 4th quarter of 2022.”
However, the report added that the “Kremlin intensificates information operations to justify an unprovoked invasion of Ukraine creating conditions for a protracted war in Ukraine, so there is no fundamental reason to believe that the downward trend in the number of cyberattacks targeting Ukrainian organizations of various forms of ownership and industries will continue.”
At the same time, the intensity of cyberattacks targeting the energy and media sectors remains at the same level,” it added. “XakNet, NoName057(16), RussianHackersTeam, RaHDitand Free Civillianare the most active pro-Russian hacktivist groups, with the number of attacks organized during the first quarter of 2023 accounting for 90% of the total number of recorded attacks organized by similar groups during the reporting period.”
The report said that according to the Russian-Ukrainian war cyber tracker maintained by ‘@Cyberknow20,’ Telegram is used by hacktivists as a leading platform for organizing malicious activity. “The interest to the platform as a ‘cybercrime ecosystem’ is confirmed by the recent release of the article Telegram – How a messenger turned into a cybercrime ecosystem by 2023 by KELA, the cyber threat intelligence company,” it added.
KELA further revealed that the manufacturing and industrial sectors were most targeted by ransomware attackers and data leak actors during the first quarter of this year. LockBit, Royal, and Alphv were behind over 50 percent of the attacks in this sector, while the U.S. is still the most targeted country, recording 45 percent of ransomware and extortion attacks.
A complimentary guide to the who`s who in industrial cybersecurity tech & solutions
Free DownloadRelated
