CERT-UA: Russian hackers shift to long-term operations, up to 6–8 months

The State Special Communications Service of Ukraine has released an analysis of hacker attacks for the second half of 2024. The report, prepared by the CERT-UA team, states that the energy sector remains a priority target for Russian hackers, who are shifting tactics in favor of long-term operations.

Hackers are using supply chain attacks as the main vector of penetration. They primarily focus on compromising suppliers of specialized software used in critical infrastructure.

Such companies often lack sufficient cybersecurity, and their compromise opens up opportunities for attackers to expand access to critical systems.

Meanwhile, attacks on the energy sector have evolved into more complex and prolonged operations, which can take six to eight months to complete. These attacks require new approaches to covert infiltration, access persistence, and exploitation of vulnerabilities in related systems.

Russian APT (advanced persistent threat) groups continue to operate using their knowledge of the internal architecture of the Ukrainian power systems they previously targeted.

The adversary is attempting to regain access to historically compromised infrastructure segments while continuously searching for new entry points.

Such vulnerabilities are likely to persist due to the dynamic nature and complexity of infrastructure, making the threat particularly severe.