CERT-UA: Russian hackers shift to long-term operations, up to 6–8 months

The energy sector remains a priority target of Russian cyber operations, which are becoming longer and more complex

Andrii Vodianyi

Senior editor

16:09

CERT-UA: Russian hackers shift to long-term operations, up to 6–8 months — Photo: depositphotos.com

The State Special Communications Service of Ukraine has released an analysis of hacker attacks for the second half of 2024. The report, prepared by the CERT-UA team, states that the energy sector remains a priority target for Russian hackers, who are shifting tactics in favor of long-term operations.

Hackers are using supply chain attacks as the main vector of penetration. They primarily focus on compromising suppliers of specialized software used in critical infrastructure.

Such companies often lack sufficient cybersecurity, and their compromise opens up opportunities for attackers to expand access to critical systems.

Meanwhile, attacks on the energy sector have evolved into more complex and prolonged operations, which can take six to eight months to complete. These attacks require new approaches to covert infiltration, access persistence, and exploitation of vulnerabilities in related systems.

Russian APT (advanced persistent threat) groups continue to operate using their knowledge of the internal architecture of Ukrainian power systems previously targeted.

The adversary is attempting to regain access to historically compromised infrastructure segments while continuously searching for new entry points.

Such vulnerabilities are likely to persist due to the dynamic nature and complexity of infrastructure, making the threat particularly severe.

In recent months, Russia has launched two powerful hacking attacks against Ukraine. First, it managed to delete registers of the Ministry of Justice, and then it disrupted the online system of Ukrzaliznytsia.
Following these events, the National Coordination Center for Cybersecurity at the National Security and Defense Council determined that Ukraine needs a unified infrastructure for processing and storing government data.
On April 26, Ukraine experienced a large-scale disruption of digital services. There were problems with Diia, Nova Poshta, and bank terminals.
On April 28, hackers also disrupted the online systems of Epicenter.

CERT-UA: Russian hackers shift to long-term operations, up to 6–8 months

"We are cutting our production by more than half," Ferrexpo's CFO

The oil price fell below $60 per barrel for the first time since 2021: the reason

CNBC ranks world's 25 most valuable football clubs — Real Madrid leads the pack

CERT-UA: Russian hackers shift to long-term operations, up to 6–8 months

Ukraine halves gas injection into UGS facilities in April compared to 2024

A future without mines: How Ukraine is building a unique humanitarian demining system