Cyberattacks from Russia continued to increase in late March, mostly through attempts to gather information and spread malware to Ukrainian critical infrastructure, Ukrainian cyber officials said.
The same Russian-linked hacker group that targeted local government agencies in Ukraine with compromised emails also sent malicious emails to Latvian authorities, said Victor Zhora, deputy head of Ukraine’s State Service of Special Communications and Information Protection, speaking to reporters on Tuesday.
Recent attacks aimed to disrupt critical services but did not cause serious damage, he added.
Between March 23 and March 29, 65 cyberattacks took place on Ukrainian critical infrastructure, five times more than the previous week, SSSCIP said in its latest Wartime Cyber Activity Report. National and local authorities, Ukraine’s security and defense sector, financial companies, telecommunications and energy were the most targeted sectors, the agency said.
Experts from Ukrainian cybersecurity companies, Microsoft Corp. and Cisco Systems Inc. are investigating the March 28 cyberattack on Ukrtelecom PJSC and have not yet attributed the attack to any particular hacker group, Ukrtelecom chief information officer Kirill Goncharuk told reporters on Tuesday.
Hackers broke into the internet service provider’s network after compromising the credentials of an employee in territory recently occupied by Russia, he said. Mr Goncharuk declined to name the territory or provide further details about the employee, citing security concerns, and said the person was now safe.
Russian and Belarusian military hackers were behind the most recent cyberattacks against Ukrainian organizations, SSSCIP said. Zhora said Ukrainian authorities were gathering evidence of cyberattacks, as well as evidence of war crimes, which they would send to the International Criminal Court.
CERT-UA, Ukraine’s cybersecurity emergency response unit, said on Monday it had detected a malicious email campaign that mentioned the war in Ukraine and included a file containing malware. The emails did not compromise organizations in Ukraine, Zhora said. Authorities attributed the emails to a group of Russian hackers known as Armageddon, he added.
Emails sent to Latvian authorities appeared to be from the same group of hackers; they purported to contain information about humanitarian aid, but included files containing malware, he said.