Cyber-attacks on AFU, govt agencies becoming more frequent, carried out through those using messengers
Cyberattacks on military personnel, government agencies and local governments will remain a trend, but their main target is often a person with access to such systems, experts from the State Special Communications Service of Ukraine said in the report "Russian Cyber Operations", which is based on an analysis of cyber threats identified during the first half of 2024.
"The trend that we observed in the last half of the year, namely an increase in the total number of cyber incidents with a decrease in high and critical incidents, is still visible now. Cyberattacks on the military and government agencies will remain a trend in the future. The main tools of cyber espionage are phishing and infection with malware, and the weakest link in this case is a person," the agency said in the report on its website on Monday.
Most corporate mail servers use security tools, so hackers are increasingly moving away from sending malware to victims' mailboxes and prefer attacks through other means of communication. Messengers, which are also used by a large number of military personnel, come in handy here.
Having enough personal data and a contact phone number, hackers pretend to be someone else and start communicating with the future victim, usually using Signal. It should be noted that any available resources, including dating platforms, are used to "process" the victim. Having "gained trust", they send the victim an archive containing a shortcut file under the guise of award documents or a video of a battle in other units.
During cyberattacks on military personnel, hackers also steal messenger accounts in order to distribute spyware and phishing further and compromise as many users as possible. The victim's contacts may include "important" targets whose correspondence is of interest to employees of various special services of the aggressor country.
The report indicates that voting in messengers has become a new way of stealing accounts. The WhatsApp and Telegram messengers are very popular among Ukrainians as means of communication, which is why they were targeted by Russian hackers this spring.
Attacks by one of the hacker groups are aimed at gaining access to Ukrainian citizens' messengers for the purpose of maximum distribution. The purpose of these attacks is espionage (stealing data from chats), further distribution of phishing links (to increase the number of victims) and the financial component (extortion of money).
The report notes another direction of the enemy's cyberattacks: destabilization of the situation in the country. "To destroy civilian critical infrastructure (in particular energy facilities), not only kinetic but also destructive cyberattacks are used, which are cheaper than launching a ballistic missile, but can lead to the same destruction," the report states.
According to statistics, in the first six months of 2024 the number of attacks on government organizations and local authorities increased significantly. The number of processed cyber incidents targeting the security and defense sector and the energy sector more than doubled.
The report describes several ways in which cyberattacks on companies are carried out. In particular, companies are attacked with ransomware, and hackers managed to encrypt data in the networks of commercial companies, including backup copies. "The only option for their recovery for companies was to agree to the terms of the attackers and purchase a "decryptor" from them. In such cases, it is important to have backup copies of critical systems on external media," the agency said.
"Finally, cyber marauders are those scammers who will always be around. It is difficult to predict what topic and distribution platform they will choose next time to trick people into giving them money or bank card details, but we know for sure that we will be hearing about them for a very long time," the cyber experts said.