Since the beginning of the full-scale invasion of Ukraine, a large cyber war with Russia has been ongoing in parallel. Over the past three years, Ukrainians have heard about massive cyberattacks by hackers that disrupted the operations of Ukrposhta and Monobank and attacked the Unified State Electronic Database on Education (USEDE), as well as the Ministry of Defense’s resources.
At the same time, the goals and focus of the enemy cybercriminals’ work have gradually changed. In 2024, Russian hackers launched a large-scale attack on the network security system of Kyivstar, and later disabled the Unified State Registers of the Ministry of Justice.
Some private hacker groups have also started targeting Russia. This was reported by the head of the State Special Communications Service, Oleksandr Potii, in an interview with Ukrinform.
"Ukrainian information systems are being attacked by hacker groups that are essentially subdivisions of Russian intelligence agencies: FSB – UAC-0010 (Armageddon), UAC-0036 (Calisto), the Russian Armed Forces General Staff – UAC-0002 (Sandworm), UAC-0001 (APT28), or other groups equally controlled by Russian intelligence services.
Among the recent groups are a significant number of hacktivist organizations, such as XakNet, CyberArmyofRussia, Zarya, and others. These groups primarily specialize in DDoS attacks, spreading propaganda, and information pressure. However, some of them are also controlled by Russian intelligence services and are used to publicly showcase "achievements" in cyberattacks.
Additionally, some private hacker groups have started working for the aggressor country. For example, UAC-0050, which announced the cessation of its "professional" activity under the "DaVinci Group" brand just a few days before Russia's invasion in 2022, is now one of the most active groups.
Russian hackers primarily target organizations that play a key role in the functioning of the state and ensuring national security. These include the security and defense sector, local government bodies, and critical infrastructure, particularly the energy sector.
Special attention is given to government bodies where information may be stored that can be used to achieve political and military goals and to organize further cyberattacks. This can include data on budget expenditures, suppliers, or even personal data of employees, companies, or military personnel. Over the years, considerable attention has also been paid to the media sector, as it is a means to influence public opinion by spreading disinformation and discrediting government bodies."
In 2022, the Government Computer Emergency Response Team (CERT-UA), operating under the State Special Communications Service, recorded 1,350 cyberattacks within just six months.
"We have observed a trend of increasing overall cyber incidents over the years. If we compare the first half of last year with the same period in 2022, this number increased to 1,739. However, the number of high and critical-level incidents has decreased.
Nevertheless, over these years, we have seen how dynamic the war in cyberspace is. It's not just about the number of attacks (although the quantitative figures are impressive), but about the ability of enemy cybercriminals to adapt.
Russian hackers have demonstrated significant adaptability, quickly restructuring their operations, changing their targets, approaches, and improving their tools. This is extremely important experience that needs to be thoroughly analyzed, as it highlights not only the critical importance of protecting information systems in cyberspace, but also that the process of strengthening cybersecurity cannot be paused for a moment. Any small pause will give an advantage to the enemy, who is already working on new ways to bypass the defense systems we have.
As for 2025, it's still early to make predictions, but we assume that the number of incidents will remain at the same level as in 2024."
![](/storage/uploads/ckeditor/Potii_1739300582.jpg/CncIjjpHpU0oIkv2I1FJOfWQzRrqKRiMJl6Q7211.jpg)