The CERT-UA team has prepared a report stating that the energy sector remains a priority target for Russian hackers, who are shifting their tactics toward long-term operations. The State Special Communications Service has published an analysis of hacker attacks for the second half of 2024, reports UNN.
Critical infrastructure objects of Ukraine (CIO), including energy sector objects, are constantly facing new challenges in cyberspace.
Details
Experts highlight several trends:
- Attackers use supply chain attacks as their main intrusion vector. They focus primarily on compromising suppliers of specialized software used in CIOs, as such companies often lack a sufficient level of cybersecurity, and breaching them gives attackers new opportunities to expand their access to critical systems;
- Attacks on the energy sector have evolved into more complex and longer operations that can take 6–8 months to carry out. They require attackers to use new approaches to covert penetration, maintaining access, and exploiting weaknesses in related systems;
- Russian APT groups continue to operate, using their knowledge of the internal architecture of Ukrainian energy systems that have been attacked before. The enemy is trying to regain access to previously compromised infrastructure segments while constantly looking for new entry points. Such entry points will always exist because of the dynamism and complexity of the infrastructure, which makes the situation particularly dangerous.
Experts note that thanks to enhanced cooperation with international partners, expansion of the monitoring sensor network, and improvement of early threat detection mechanisms, a significant part of the enemy's operations last year was identified and neutralized before they could be fully carried out. At the same time, further deployment of additional sensors and analytical systems at critical infrastructure facilities is necessary to ensure more effective detection of attacks.
