Cyber ​​attacks by Russia against Ukraine increased by 250% in 2022.as revealed by a joint report by Google and Mandiant’s Threat Analysis Group (TAG), which puts us on the trail of “another” war.

This week is fulfilled one year an illegal and unjust invasion that brought war to the gates of Europe. A war as terrible as any, with thousands of dead and wounded on both sides, a humanitarian situation that has displaced millions of people, a threat to the security of the planet and a huge problem for the recovery of the global economy after the crisis. caused by the pandemic. And there’s no sign of it stopping anytime soon.

We already said a year ago that the wars of the 21st century are not only fought on land, and cyberspace is another important area. Russia has cyber attack and defense elements that are listed among the planetary elite, and at the same time as the first physical bombing of Ukraine, we have already learned of cyber attacks that were being prepared months before.

Russian cyber attacks against Ukraine in data

Google is now putting the numbers on the table and they are, unfortunately, spectacular. Russian cyber attacks against Ukraine in the first four months of 2022 were more destructive than those produced in the last 8 years and largely targeted the Ukrainian government and military entities, along with critical infrastructure, public services, and the media sector.

Google cites six attack groups against Ukrainian networksWhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2 and SDelete) and well-known groups in security services, FROZENBARENTS (also known as Sandworm or Voodoo Bear), FROZENLAKE (also known as APT28 or Fancy Bear), COLDRIVER Group), FROZENVISTA (also known as DEV-0586 or UNC2589) and SUMMIT (also known as Turla or Poison Bear).

Phishing attacks targeting NATO countries have also been found to have experienced a 300% increase in 2022. These efforts were instigated by a Belarusian government-backed group called PUSHCHA (also known as Ghostwriter or UNC1151), which is linked to Russia. “An aggressive, multipronged effort to gain a decisive war advantage in cyberspace, often with mixed results”the report states.

In addition to the increased intensity and frequency of operations, the invasion was also accompanied by the Kremlin’s involvement in covert intelligence operations aimed at shape public perception with the aim of undermining the Ukrainian government, breaking international support for Ukraine and maintaining domestic support for Russia.

These activities confirm “a remarkable change in the Eastern European cybercrime ecosystem” in a way that blurs the lines between financially motivated actors and state-sponsored attackers. This is evidenced by the fact that one of the attack groups, UAC-0098, the author of the IcedID malware, has again used its techniques against Ukraine as part of a set of ransomware attacks.

Putin also “convinced” (under payment like others) other attack groups supported by the Chinese government such as CURIOUS GORGE (aka UNC3742) and BASIN (aka Mustang Panda) to target Ukrainian and Western European intelligence gathering targets.

The report is of interest to analysts and security services and shows the sheer depth of Russian cyber attacks against Ukraine. Of course, the state of emergency is meant to help the Ukrainian people and their government defend themselves against the year-long invasion, but the digital fronts of the war are also very dangerous.