Ukrainian cyber officials said cyber attacks from Russia continued to increase in late March, mostly through attempts to collect information from critical Ukrainian infrastructure and spread malware there.
Speaking to reporters on Tuesday, Viktor Zora, Deputy Head of the Ukrainian State Service for Special Communications and Information Protection, said that the same group of Russia-linked hackers that targeted local government agencies in Ukraine with compromised emails also sent malicious emails to authorities in Latvia.
He added that the recent attacks were aimed at disrupting vital services, but did not cause serious damage.
Between March 23 and March 29, there were 65 cyber attacks on Ukraine’s critical infrastructure, which is five times more than the previous week, the SSSCIP said in its latest report on cyber activity during the war. The agency said state and local authorities, the security and defense sector of Ukraine, financial companies, telecommunications and energy were the sectors most targeted.
Experts at Ukrainian cybersecurity firms and Microsoft Corp. are investigating. and Cisco Systems Inc. on March 28 Cyber attack on Ukrtelecom PJSC The attack has not yet been attributed to a specific hacker group, Kirill Goncharuk, chief information officer of Ukrtelecom told reporters on Tuesday.
He said hackers entered the ISP’s network after compromising user credentials from an employee in an area recently occupied by Russia. Mr. Goncharuk declined to name the area or provide more details about the employee, citing security reasons, and said the person was now safe.
SSSCIP said military hackers from Russia and Belarus were behind most of the recent cyber attacks on Ukrainian organizations. Mr. Zora said Ukrainian authorities are gathering evidence of cyber attacks, which they will send to the International Criminal Court, along with evidence of war crimes.
CERT-UA, Ukraine’s cybersecurity emergency response unit, said on Monday it had detected a malicious email campaign referring to the war in Ukraine that included a file containing malware. Mr. Zura said the emails did not affect organizations in Ukraine. He added that authorities attributed the emails to a Russian hacker group known as Armageddon.
The emails sent to the authorities in Latvia appear to come from the same hacker group; He said they claimed it contained information about humanitarian aid but contained files with malware.