The beginning of Russia’s war in Ukraine included some of the largest cyber operations in history, targeting satellites and power plants for shock and awe. Ukrainian officials say some of Moscow’s most notorious hackers are now focusing on steps such as taking down the website of a local news agency, a more modest approach that belies Vladimir Putin’s claims that everything is going as planned.
The number of cyberattacks in Ukraine rose to 762 from January to June, according to a new report prepared by the country’s Cyber Security Service with support from the United States Agency for International Development and the European Union. Figures for the second half of 2022. But Ukrainian officials say the number of incidents they describe as “critical” during this period fell by 81 percent to 27, a sign of improved defense as well as Russia’s more restrained ambitions.
Bloomberg has not independently verified the claims made in the report, and claims of cyberattacks carried out in both Ukraine and Russia during the conflict have generally been difficult to verify. The Kremlin and the Russian military regularly deny any involvement in hacking operations.
At the beginning of the war, the Kremlin was counting on a quick victory. Hackers targeted commercial satellite network Viasat Inc., causing major disruptions to Ukrainian communications, and attempted to disrupt the country’s power grid in a failed attack. But even then, Russia’s overstretched forces had a hard enough time coordinating their own actions, without integrating cyber operations, that the likelihood of a full-scale cyber war soon diminished. Now the intended cyber targets appear more modest.
The new targets include those that normally have softer protection, including in sectors such as media and telecommunications. Local law enforcement and government agencies collecting evidence of war crimes are also among the main targets. According to the report, some hackers collected data about captive Russians who could be tried for war crimes, in order to help them escape prosecution and return to Russia.
According to the report, state-linked hackers mostly avoided targets that could be used to support military operations. Instead, Sandworm, a group affiliated with GRU military intelligence linked to some of Russia’s most aggressive attacks around the world, attempted to shut down the website of Ukraine’s state-run news agency in January, the report said.
Despite the changes, Ukrainian cybersecurity experts warn that attacks on critical infrastructures will continue. Private energy company DTEK reported repeated attacks on its IT infrastructure, both by hackers and as a result of missile attacks. Russian hackers also tried to collect information about the Zaporizhzhia nuclear power plant in Ukraine.
In other words, don’t write off Russian hacking forces just yet.
Cybersecurity experts have been warning for some time that text-based multi-factor authentication is dangerous. Now Microsoft has joined in, encouraging Azure cloud users to disable text- and phone-based two-factor authentication.
The announcements come amid a rise in social engineering attacks, a low-tech method in which hackers gain initial access to a corporate network by tricking IT help desks while impersonating an employer or employee. Social engineering attacks were behind recent cyberattacks on MGM Resorts International, Caesars Entertainment, and Coinbase Global.
According to cybersecurity firm Mandiant, the group known as Scattered Spider, which is suspected of being involved in the attacks, used Azure in some of its attacks.
In May, as Scattered Spider proliferated across corporate networks, Microsoft researchers published a study claiming that authentication via SMS and voice was 40% less secure than push notifications via a mobile phone app.