

Kyiv • UNN


Russian hackers have changed their tactics, preparing cyberattacks on Ukraine's energy sector for 6-8 months. They are using supply chain attacks and knowledge of the internal architecture of energy systems.

CERT-UA: Russian hackers have changed tactics, operations are prepared for six months

The Russian hacker group APT28 spends about six months preparing its cyberattacks on Ukraine, and its targets are changing.

This was reported by the Computer Emergency Response Team of Ukraine (CERT-UA).

According to CERT-UA, the APT28 group (also known as Fancy Bear or Pawn Storm) conducts reconnaissance of the network infrastructure and studies the technologies and internal procedures of organizations for about six months before launching a cyberattack.

"The group's targets are also changing. If earlier the attackers were interested in government agencies, now they are increasingly targeting organizations in the energy, critical infrastructure, transport and logistics sectors," the statement said.

The attackers are using new malicious programs and methods of attack, such as:

*   exploitation of vulnerabilities in Microsoft Outlook;
*   use of PowerShell scripts to download and run malicious code;
*   use of legitimate services to hide their activity.

CERT-UA urges organizations to be especially vigilant and take measures to protect their systems from cyberattacks.

The CERT-UA team has prepared a report stating that the energy sector remains a priority target for Russian hackers who are changing their tactics in favor of long-term operations. The State Special Communications Service has published an analysis of hacker attacks for the second half of 2024, reports UNN.

"Critical infrastructure objects of Ukraine (CIO), including energy sector objects, are constantly facing new challenges in cyberspace," the statement reads.

Details

Experts highlight several trends:

  • Attackers use supply chain attacks as the main vector of penetration. First of all, they pay attention to the compromise of suppliers of specialized software used in CIOs, as such companies often do not have a sufficient level of cybersecurity, and their hacking opens up new opportunities for hackers to further expand access to critical systems;
  • Attacks on the energy sector have transformed into more complex and longer operations, the implementation of which can take 6–8 months. They require attackers to use new approaches to hidden penetration, access retention, and exploitation of weaknesses in related systems;
  • Russian APT groups continue to operate, using knowledge of the internal architecture of Ukrainian energy systems that have been attacked before. The enemy is trying to regain access to historically compromised infrastructure segments, constantly looking for new entry points. These points will always exist due to the dynamism and complexity of the infrastructure, which makes the situation particularly dangerous.

Experts note that thanks to enhanced cooperation with international partners, expansion of the monitoring sensor network, and improvement of early threat detection mechanisms, a significant part of the enemy's operations last year were identified and neutralized before their full implementation. At the same time, further deployment of additional sensors and analytical systems at critical infrastructure facilities is necessary to ensure more effective detection of attacks.
