Russia-backed hackers target government and IT organizations in Ukraine

Edward G. | March 27, 2023

Data presented by Atlas VPN reveals that Russian hackers have been targeting government and IT organizations in Ukraine and its allied countries with ever-increasing sophistication.

The Russian government is believed to be behind the attacks, as they appear to be well-funded and well-organized. The cyber attacks have been aimed at stealing sensitive information, disrupting systems, and causing chaos in the targeted countries.

According to the recently published Microsoft Threat Intelligence report, the government sector was by far the most targeted sector by Russian state-affiliated hackers between February 2022 and January 2023. 

The team at Microsoft discovered 46 organized cyber attacks on various government bodies.

Russian threat actors were also interested in IT & communications companies, launching 17 attacks within the last year. 

The energy sector was also among the most targeted industries, as it was subject to 16 cyber attacks.

A suspected Russian threat actor named IRIDIUM initiated several phishing activities between January 12 and January 28 of 2023, to access accounts at Ukrainian businesses in the defense and energy sectors.

This aligns with the traditional targets of Russian cyberattacks in Ukraine since the energy sector provides a significant portion of Ukraine’s revenue, and the government and telecommunications industries are key components of national security.

Russian hackers have been using a variety of tactics to infiltrate government and IT organizations. One of the methods used is spear-phishing, which involves sending emails with malicious links or attachments that, when clicked, infect the targeted computer with malware. 

The attacks have become increasingly complex over time, with hackers using advanced techniques such as zero-day exploits, which take advantage of software vulnerabilities that are not yet known to the software vendor.

One of the most concerning aspects of these attacks is the potential for damage to critical infrastructure. Russian hackers have already targeted the energy and transportation infrastructure in Ukraine. 

These attacks are part of a larger hybrid warfare campaign by Russia against Ukraine, which includes military aggression, propaganda, and cyberattacks. The campaign aims to weaken Ukraine and its allies and assert Russian influence in the region.

Attacks outside of Ukraine

The Ukrainian government and IT organizations are not the only targets of these attacks. Russia has also targeted companies in other countries, including NATO member states, to play havoc with their operations and gain access to classified information.  

Between February 23, 2022, and February 7, 2023, Microsoft observed Russian nation-state threat activity against organizations based in 74 countries, excluding Ukraine.

By the number of recorded threats, EU and NATO member countries, particularly those on the eastern flank, dominate the list of the top 10 most targeted states.

Nonetheless, Russian threat actors engaged in activities ranging from monitoring to data exfiltration in organizations throughout the world, in Africa, Asia, South America, and the Middle East.

In the 74 countries they attacked, Russian threat actors were particularly interested in government and IT sector firms, much like in Ukraine.

Government and IT & communications sectors suffered from 100 and 51 cyber attacks, respectively. 

Hackers compromise IT businesses to leverage trusted technical ties and gain access to those firms’ clients in government, policy, and other sensitive institutions.

Hackers paid a lot of attention to the activities of various non-profit organizations and tried to disrupt their efforts by launching 31 cyber threats within the past year. 

Sophisticated cyber attacks were launched on companies in the education and energy sectors, with 16 threats targeting each. 

Security measures against ongoing attacks

The attacks are likely to continue, and organizations should take steps to protect themselves.

One of the steps recommended by Microsoft is to improve cybersecurity awareness among employees. This includes training employees on recognizing and responding to phishing emails and other types of attacks. 

The report also recommends that organizations implement multi-factor authentication, which requires employees to provide two or more pieces of evidence to verify their identity before accessing a system.

In addition, companies should conduct regular vulnerability assessments and patching to ensure that their systems are up-to-date and secure. 

Organizations should also establish incident response plans to help them respond quickly and effectively to cyberattacks. This requires having a clear chain of command, establishing communication protocols, and conducting regular training exercises.

The security team at Microsoft also highlights the importance of international cooperation in addressing the threat of Russian hackers. 

It notes that governments, law enforcement agencies, and the private sector must collaborate to share threat intelligence and coordinate cyberattack responses. Through such cooperation, they can effectively counter the threat posed by Russian hackers and other cybercriminals.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.


