The goals facing Russian hackers correspond to the overall goals of Russian military aggression. Civilian infrastructure is the primary target of Russian cyber criminals, and the hackers’ priorities throughout the full-scale invasion have shifted according to military needs. Although government bodies have consistently remained key targets of cyber attacks, at the beginning of the invasion, media and telecom were important targets as the Russian authorities expected a quick victory and hoped to be able to influence Ukrainians through the media to scare us.
Subsequently, the focus of hackers and the Russian army shifted to the energy sector. This was reported by the State Service of Special Communications and Information Protection of Ukraine which analysed and investigated cyber threats from Russian hacker groups in 2022 and the first half of 2023.
In particular, experts highlighted the increased interest of hostile hackers in Ukrainian law enforcement agencies among the trends of cyber threats from Russian hacking groups in 2023. “It is about conducting espionage operations to gain access to data on evidence of Russian war crimes, to materials collected and handed over to courts and prosecutors’ offices, to requests for the detention of suspected agents, etc. Ukraine’s energy and media sectors are also the focus of hostile hackers,” the Service noted.
Hackers return to previous targets that own and operate critical data needed by the Russian military. This approach allows attackers to strategically plan future operations and predict our reaction. With prior knowledge of a victim organisation’s network infrastructure, security measures, key personnel, and communication patterns, attackers have a significant advantage when it comes to exploiting organisations compromised in the past.