SSSCIP reports a strategic shift in Russian cyber operations in H1 2024. Targeting Ukraine’s defence sectors, attacks doubled, focusing on intelligence gathering. Ukrainian experts respond with red teaming to strengthen cyber defences against targeted threats.
Recent reports from Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) reveal a significant shift in Russian cyber operations against Ukraine in the first half of 2024. The new strategy marks a departure from previous broad-spectrum attacks to a more targeted approach focusing on Ukraine’s military and defence sectors.
According to the SSSCIP’s “Russian Cyber Operations (H1 2024)” report, cyber attacks targeting Ukraine’s defence industries more than doubled from 111 to 276 from the latter half of 2023 to the former half of 2024. This surge reflects a concerted effort by Russian-aligned threat actors to gather intelligence directly related to the ongoing conflict.
In response to these escalating threats, Ukrainian cybersecurity experts have intensified their red teaming efforts, simulating sophisticated attacks to identify and address vulnerabilities in their defence systems. This proactive approach has helped strengthen Ukraine’s cyber resilience against increasingly targeted Russian operations.
Key Threat Actors and Tactics
The majority of the activity comes down to five Russian-attributed threat groups: UAC-0149, UAC-0020, UAC-0180, UAC-0184, UAC-0200. These groups have been employing remote access Trojans (RATs) to compromise Ukrainian Forces computers that use Windows.
Russian cyber tactics have changed direction over the past couple of years. In 2022, Russian hackers focused on dismantling critical infrastructure IT systems and exfiltrating databases. This focus shifted to broad information collection within many different Ukrainian industries in 2023, before honing in on military targets in 2024.
Messaging Apps: The New Frontier
A concerning trend highlighted in the report is the increased use of messaging apps including WhatsApp, Telegram and Signal. The Signal app in particular has been used to target high-value military and government personnel. Hackers, particularly those associated with UAC-0184, gather personal information to impersonate known contacts and build trust with certain targets, akin to a phishing attack.
Once trust is established, the attackers send malicious archives disguised as relevant content. This might be combat footage or recruitment information, for example. When opened, these archives secretly infect the target’s system with malware. It is worth noting that UAC-0184 is known for its multi-stage attack and for using XWorm malware and Remcos RAT against its targets.
Rising Cyber Incidents and Malware Infections
The total number of cyber attacks that were reported in Ukraine rose by 19% to 1,739 in Q1 and Q2 of 2024 compared to Q3 and Q4 of 2023. This rise is primarily attributed to more incidents considered to be less severe, and more critical breaches went down.
Malware infections are becoming a central part of these cyberattacks. The number of infections recorded in Q1 and Q2 of 2024 was 196, up from 103 in Q3 and Q4 of 2023. This surge is partly down to a rise in unlicensed software that has been pirated but with backdoors baked into it.
Importance of Licensed Software
The SSSCIP continues to hone in on the importance of using licensed software because unlicensed software creates more vulnerabilities. For example, Office, MDM, Windows, EDR, etc. This applies to the Ukrainian military, but also civilian organizations, as they try to mitigate vulnerabilities that stem from infections.
As the conflict enters its third year, cyberspace remains core to the warfare. The SSSCIP warns that cyberattacks targeting military personnel are likely to remain important.
RELATED TOPICS
- Ukraine’s Cyberattack Cripples Russia’s Tax System
- Ukraine Claims Cyber Attack Disrupted Russian ATMs
- Ukrainian Hackers Trick Russian Military Wives for Personal Info
- Ukraine Claims Destruction of 280 Russian Servers, 2 Petabytes Lost
- Ukraine Thwart Russian Industroyer 2 Malware Attack on Energy Provider