Russian cyberattacks on Ukraine's private sector intensify


While the Ukrainian government remains the prime target, the number of cyberattacks against commercial organizations has increased, says a CERT-UA report.

In the first quarter of this year, the Computer Emergency Response Team of Ukraine (CERT-UA) noticed an increased number of attacks on the country’s commercial organizations. CERT-UA attributed the increase to private companies implementing new solutions on their systems.

“Based on our analytics, we can conclude that the enemy is likely to prepare some destructive actions at commercial organizations or attacks aimed at financial profit. The latter is also evidenced by a growth in phishing attacks and account compromises targeting the Ukrainian banking system,” writes CERT-UA in the report.

Russia uses cyberattacks to collect information that, among other things, can provide it with an edge in conventional warfare, claims CERT-UA.

Most of the analyzed cyberattacks fall into the categories of Intrusion and Malicious Code. This primarily includes the spread of spyware designed for espionage activities, as well as Vulnerability Exploits and Phishing.

Government remains main target

In 2023, Russian hackers continued to keep their sights firmly set on central and local government bodies in Ukraine as their primary targets.

Out of a total of 549 analyzed cyberattacks, approximately one-third were aimed at public organizations, including government agencies and local authorities.

CERT-UA reports that “the intensity of attacks against Ukrainian information infrastructure remained at a steady level over the reporting period, except for early January.”

Cyberthreat from unlicensed software

The CERT-UA team raises concerns regarding a growing number of infections from unlicensed software among Ukrainian organizations.

According to the team, the InvisiMole hacking group, associated with Russia’s foreign intelligence service, utilized torrent trackers and pirated versions of software to spread malicious code.

In March, CERT-UA identified unauthorized access to the information and communication systems of a utility company in Ukraine.

The investigation showed that the compromise of the company’s systems took place when one of the employees installed an unlicensed version of Microsoft Office 2019, downloaded from the Torrent Toloka tracker.

Similar cases have been documented where devices were infected after downloading operating systems and other programs such as scanners and password recovery tools from unofficial sources.

CERT-UA gives safety recommendations

To prevent cyberthreats, CERT-UA recommends organizations regularly monitor their information infrastructure and conduct an inventory of assets to clearly understand what needs to be protected and which incidents could be the most critical for their operations.

It's crucial for organizations to ensure the timely installation of software updates to prevent cyberattacks. Administrators should conduct regular audits of information systems, ideally with the help of services recommended by CERT-UA.

CERT-UA encourages cooperation between companies and organizations in similar fields, as sharing information and resources can help to prepare for and prevent cyberattacks.

“Outreach activity is important. Therefore, it is necessary to develop a culture of cybersecurity in the team, conduct regular trainings and develop relevant skills. It is necessary to have a clear and detailed plan for responding to cyber incidents,” said CERT-UA.

CERT-UA asks organizations not to withhold any information related to cyber incidents. It's important to report such incidents to CERT-UA and all partners as soon as possible to prevent severe consequences.
