Ukraine has reported an uptick in financially motivated cyberattacks from Russian hackers, noting a shift in the dynamics of the ongoing cyberwar. These attacks have been attributed to newly identified hacker groups that are believed to be associated with or indirectly supported by the Russian military. According to Yevheniia Volivnyk, the chief of Ukraine’s computer emergency response team (CERT-UA), the emergence of these groups indicates a deliberate strategy by Russia to diversify its cyberwarfare tactics. These groups no longer specialize only in traditional cyber espionage; they have expanded their focus to include financial theft, using advanced phishing attacks to distribute malware such as RemcosRAT and data-stealing programs like LummaStealer and MeduzaStealer.
During the latter half of 2023, nearly 40 percent of the cyber incidents reported by CERT-UA involved financial theft. This includes significant attempts by a group tracked as UAC-0006, which tried to steal tens of millions of hryvnias from Ukrainian financial institutions and government organizations using Smokeloader malware. The increase in such financially targeted cyberattacks signifies a strategic evolution in which Russian cyber activities aim not only at disruption but also at financial gain from the conflict.
The CERT-UA report highlighted the growing sophistication in targeting by these hackers, who are exploiting the latest vulnerabilities and aligning their attacks with current events to maximize the effectiveness of their campaigns. For instance, during the onset of the war in Israel, Russian hackers deployed malicious emails disguised as job offers targeting Ukrainian military personnel. This adaptation to the geopolitical landscape showcases the hackers’ agility in leveraging global events to tailor their attacks for maximum impact.
Furthermore, the conflict has seen an increase in attacks against Ukraine’s critical infrastructure, particularly in the telecommunications sector. For example, the attack on Kyivstar, Ukraine’s largest mobile operator, disrupted services for millions and coincided with physical missile strikes, indicating a hybrid warfare strategy. This dual approach of kinetic and cyber operations aims to gather intelligence and assess the impact of physical strikes, reflecting a comprehensive military strategy by Russia. Ukraine has also responded with its own cyberattacks against Russian infrastructure, demonstrating the escalating nature of cyber warfare between the two nations.