Ukraine Reports Surge in Financially Motivated Cyberattacks Linked to Russia

Ukraine has seen a significant increase in financially motivated cyberattacks carried out by unidentified hackers associated with Russia, the government reports. These new groups became more active in Ukrainian networks in the latter part of 2023, marking a shift in a cyberwar previously dominated by well-known Kremlin-supported hackers like Sandworm and Armageddon.

Yevheniia Volivnyk, chief of Ukraine’s computer emergency response team (CERT-UA), stated that the emergence of these new actors indicates a deliberate strategy by Russia to diversify its cyberwarfare arsenal. While the origins and participants of these operations remain unclear, previous patterns suggest that they are either affiliated with the Russian military or informally funded and coordinated by the Russian state command center.

According to Ukrainian cyber researchers, these new groups stand out for their sophisticated phishing attacks aimed at distributing malicious software for remote access or data theft. CERT-UA’s analysis showed that nearly 40 percent of reported incidents were related to financial theft.

For instance, the group known as UAC-0006 attempted to steal millions of hryvnias from Ukrainian financial institutions and government organizations. This threat actor, primarily using Smokeloader malware, has been responsible for nearly 200 incidents targeting Ukraine in the second half of 2023.

The CERT-UA report, which covers all Russia-linked cyber activities, indicates a steady increase in incidents against Ukraine over the past two years. These hackers are improving their targeting tactics by exploiting vulnerabilities and tailoring their attacks to trending events and news.

One striking example came at the start of the war in Israel, when malicious emails disguised as job offers for consultancy roles with the Israel Defense Forces were sent to Ukrainian military personnel. Another operation involved Russian military intelligence hackers creating a fake military app to collect data from the Ukrainian battlefield.

Russian hackers have also intensified their attacks on mobile devices, using messaging apps to deliver malware for stealing information. Researchers suggest that targeted cyberespionage operations are crucial for Russian hackers to gain an advantage on the battlefield.

Moreover, Ukraine’s critical infrastructure, particularly the telecommunications sector, remains a top priority for Russian hackers. Incidents like the recent hack of Kyivstar, Ukraine’s largest mobile operator, have left millions without cell and internet service, and they underscore the hybrid nature of attacks that coincide with kinetic strikes on critical infrastructure.

As Ukraine continues to be the target of cyber and physical attacks, experts predict a rise in malicious cyber activity aimed at gathering intelligence to assess the damage caused by strikes. In response, Ukraine has also engaged in cyberattacks against Russian telecom infrastructure, as seen in the recent large-scale attack on internet providers and mobile operators in the Russian republic of Tatarstan.

Fabio

Full Stack Developer
