Ukraine: Russian hackers infiltrating software supply chains
'IT managers must be careful,' say cyber defenders
Russian hacking groups are working for military intelligence and using advanced tactics to spot vulnerabilities in target systems, says Ukraine's security agency.
Russian cybercriminals have shifted the focus of their attacks on Ukraine, aiming to infiltrate software supply chains to gather intelligence for the Russian military invasion, rather than spreading mayhem and disruption, the Ukrainian cyber-defence agency said on Monday.
The State Service of Special Communications and Information Protection of Ukraine's (SSSCIP) annual report into Russian cyber attacks - its second since the country invaded Ukraine in 2022 - said hackers increased their attempts to breach Ukrainian cyber defences more than 120% in the first half 2023, compared to the same period last year.
Software companies and government contractors involved in Ukrainian operations reported increased attacks.
The SSSCIP also expected software companies working in the supply chain for critical infrastructure and the military would come under increasing attack.
"IT managers have to carefully watch every commit and protect their intellectual property by obfuscation and advanced authentication," it said in the report.
Ukraine strengthening defences
Ukrainian cyber defenders had thwarted enough hacking attempts to cut critical cyber security incidents to a fifth of what they were last year, though the rate of attacks remains high.
Overall, attacks rose 123% from the second half of 2022 to the first half of 2023: from 342 to 762. However, critical attacks fell from 144 (and 319 in the first half of 2022) to just 27 in the same time frame.
Attacks rated with high or critical severity fell 46%, from 683 in the first half of last year, to 339 in the second half and 183 in the first half of 2023.
"The attackers appear to be using less sophisticated tactics, employing a 'spray and pray' approach," said the report.
However, the hackers have acquired new objectives, and are using different tactics.
SSSCIP says they have begun operating as an arm of military intelligence, seeking to infiltrate systems holding evidence of alleged Russian war crimes and trying to destroy information. Tactically, they have also intensified their attacks.
Despite the prolific number of attacks, the culprits appear to have been choosing their targets carefully. They have persisted in probing and attacking over time, gradually accumulating the information necessary to make their attacks effective.