The State Special Communications Service has published an analysis of hacker attacks for the second half of 2024. The report, prepared by the CERT-UA team, states that the energy sector remains a priority target for Russian hackers, who are changing their tactics in favor of long-term operations.
Hackers are using supply chain attacks as their primary intrusion vector. They are mainly focusing on compromising the suppliers of specialized software used at critical infrastructure sites.
Such companies often lack adequate cybersecurity, and compromising them gives hackers new opportunities to expand their access to critical systems.
At the same time, attacks on the energy sector have evolved into more complex and prolonged operations that can take six to eight months to carry out. These operations require attackers to use new approaches to covert infiltration, maintaining access, and exploiting vulnerabilities in adjacent systems. Russian APT groups continue to operate, drawing on their knowledge of the internal architecture of Ukrainian energy systems that were previously attacked.
The enemy is attempting to restore access to historically compromised infrastructure segments, constantly searching for new entry points.
These points will always exist due to the dynamic and complex nature of the infrastructure, making the situation particularly dangerous.
Russian Cyber Operations H2'2024
Download: https://cip.gov.ua/services/cm/api/attachment/download?id=68768