The State Special Communications Service reported that in the first half of 2025 CERT-UA recorded a number of new developments in cyberattacks against Ukraine: the enemy is changing tactics, bringing in "fresh blood", and beginning to use complex tools for data theft. UNN reports this with reference to the State Special Communications Service.
Details
In its analytical report "Russian Cyber Operations" for the first half of 2025, the State Special Communications Service notes a radical change in the attackers' tactics, techniques and procedures. According to CERT-UA specialists, these changes indicate that established attack methods have become less effective, probably because of increased resistance from the Ukrainian side, so the enemy is experimenting with new approaches and personnel.
The State Special Communications Service document describes several groups in detail, including the group designated UAC-0219. This group uses the malicious tool WRECKSTEEL, which can steal files with predefined extensions and take screenshots, both of which are then uploaded to the attackers' servers. CERT-UA also notes that the attackers are likely using artificial intelligence to generate PowerShell scripts, which increases the speed and flexibility of attacks.
The report emphasizes that the activation of "fresh" operators and the modernization of tools make attacks more variable, which requires the cybersecurity sector to adapt its methods for detecting and preventing incidents. CERT-UA calls on government agencies and the private sector to strengthen monitoring, update response procedures, and promptly apply the indicators of compromise from the analytical report.
