Russia focused on espionage in its cyber offensive strategy against Ukraine in the first half of 2024, reflecting a shift in tactics noted in a new report by the Ukrainian Cyber Emergency Response Team (CERT-UA), The Cyber Express reports. Instead of destructive attacks on critical infrastructure, which were characteristic of previous years, Russian hackers have begun to use more covert and long-term methods aimed at gathering intelligence.
According to the report, 1,739 cyber incidents were recorded in the first half of 2024, a 19% increase compared to the end of 2023. However, the number of critical incidents decreased by 90%. This indicates that instead of destructive attacks, such as breaches of energy infrastructure, Russia is now focusing on cyber espionage. The targets of such attacks are military and strategically important facilities, allowing Moscow to gather information for conducting military operations.
The report emphasizes that Russian hacker groups, such as UAC-0184 and UAC-0020, actively use phishing attacks and malware to gain access to systems. For example, UAC-0184 targeted Ukrainian military personnel by spreading malicious programs through messaging apps like Signal to steal data and gain control over devices.
In addition to espionage, attacks on critical infrastructure continue. In particular, the number of attacks on Ukraine's energy sector has doubled. Hackers are targeting industrial control systems (ICS) used in the energy sector to gain control over key facilities. In March 2024, the UAC-0002 group hacked the supply chains of several energy companies, using specialized software for lateral movement within networks.
One of the key tactics this year has been the compromise of messenger accounts, such as WhatsApp and Telegram, through phishing attacks. Hackers gain access to users' accounts, allowing them to steal data, spread malicious links, and conduct espionage operations.
Despite the increase in attacks, Ukraine has managed to improve its level of protection. Enhanced threat visibility and cooperation with international partners have helped reduce the number of major incidents. However, the report highlights that Russian hackers continue to refine their methods, and the threats remain significant.