CERT-UA: Russian hackers shift to long-term operations, up to 6–8 months

The State Special Communications Service of Ukraine has released an analysis of hacker attacks for the second half of 2024. The report, prepared by the CERT-UA team, states that the energy sector remains a priority target for Russian hackers, who are shifting tactics in favor of long-term operations.
Hackers are using supply chain attacks as their main vector of initial access. They primarily focus on compromising suppliers of the specialized software used in critical infrastructure.
Such companies often lack sufficient cybersecurity, and their compromise gives attackers a foothold from which to expand access into critical systems.
Meanwhile, attacks on the energy sector have evolved into more complex and prolonged operations, which can take six to eight months to complete. These attacks require new approaches to covert infiltration, access persistence, and exploitation of vulnerabilities in related systems.
Russian APT (advanced persistent threat) groups continue to operate using the knowledge of the internal architecture of Ukrainian power systems that they gained from earlier intrusions.
The adversary is attempting to regain access to historically compromised infrastructure segments while continuously searching for new entry points.
Such vulnerabilities are likely to persist due to the dynamic nature and complexity of infrastructure, making the threat particularly severe.
- In recent months, Russia has launched two powerful hacking attacks against Ukraine. First, it managed to delete registers of the Ministry of Justice, and then it disrupted the online system of Ukrzaliznytsia.
- Following these events, the National Coordination Center for Cybersecurity at the National Security and Defense Council determined that Ukraine needs a unified infrastructure for processing and storing government data.
- On April 26, Ukraine experienced a large-scale disruption of digital services. There were problems with Diia, Nova Poshta, and bank terminals.
- On April 28, hackers also disrupted the online systems of Epicenter.