Although Ukraine recorded far fewer cyberattacks in January 2023 than in the same month a year earlier, digital warfare is far from over. Cyber resilience, however, is improving.
The Computer Emergency Response Team of Ukraine (CERT-UA) investigated around 100 cyber incidents in January 2023, recording two and a half times fewer attacks than in January 2022.
“It can be explained by the fact that both the government and businesses have materially improved their cyber resilience for the last year. Many institutions that used to disregard the matters of cyber defense before the cyberwar have now placed a priority on this area,” the report explains.
Ukrainian civilian targets are generally attacked first, with the majority of incidents involving central and local authorities and civil services. CERT-UA also noted an increase in attacks against IT and telecommunications providers.
"In addition, priority targets include components of the banking (financial) system, web portals of state institutions, logistical arteries of media distribution, and all platforms that can be used to spread fakes. At the beginning of the war, the danger of posting fake messages on behalf of government agencies on official web portals could adversely affect millions of people due to shock and poor orientation. However, such a provocation today will not be able to provide the desired effect, because the defeat of the Russian army is well known," Artem Oliinyk, Political Scientist and Researcher at the Academy of Political Science of Ukraine at Coventry University, told Cybernews.
Of the investigated incidents, the largest group (40) involved malware, followed by intrusions that exploited known vulnerabilities (21). The most commonly exploited vulnerabilities were in Zimbra, web/PHP, and cPanel.
The report also notes several studies, including one by the SSSCIP and experts of the Ukrainian Economic Security Council, which found that Russia’s cyber aggression spills beyond Ukraine and affects other nations as well. These attacks also tend to focus on civil infrastructure, the report suggests.
“Attacks on democratic countries’ infrastructure are often waged for the purpose of a certain psychological influence on the public and to undermine the authority of the governments.”
Another notable study, by experts at the SSSCIP’s State Cyber Defense Center, examines the GammaLoad and GammaSteel spyware used by the UAC-0010 (Gamaredon, Armageddon, Primitive Bear) hacking group. According to CERT-UA, the group's members are former officers of the Security Service of Ukraine in Crimea who now work for one of the units of the Federal Security Service (FSB).
The group targets Ukrainian public infrastructure with GammaLoad and GammaSteel, constantly modifying the spyware to remain undetected. All Ukrainian institutions are therefore advised to strengthen their security protections.