The SSSCIP continuously records an increase in the number of cyberincidents and cyberattacks on government information resources and facilities of Ukraine’s critical information infrastructure.
This upward trend in the number of cyberattacks has persisted since the beginning of the war. Over 24 billion events were processed using the vulnerability detection and cyberincident response system in Q3 2022. The number of registered and processed cyberincidents increased from 64 to 115.
The hackers' main objectives are cyber espionage, disrupting access to public information services, and even destroying information systems with wiping malware. Q3 2022 showed a significant ramp-up in malware distribution by hacker groups, including malware meant both to steal data and to destroy it. The number of high severity level IS events increased 3.8 times compared to the Q2 2022 statistics. Consequently, the number of recorded cyberincidents of high severity level increased by 128%.
Compared to Q1 and Q2, the number of critical IS events originating from russian IP addresses increased 35-fold in Q3. The number of detected IS events related to active scanning that originate from russian IP addresses also nearly doubled compared to Q2 2022. These were the IP addresses from which cyberattacks on Ukrainian information resources had been launched and fake information had been spread to defame the public authorities during the russian-Ukrainian War. The largest number of critical IS events is associated with U.S. IP addresses. However, automatic geolocation of a source IP address does not necessarily mean that the cyberattack can be attributed to the identified location.
Nonetheless, the absolute majority of cyberincidents was attributed to hacker groups funded by the russian government, namely UAC-0010 (Gamaredon) and others. The finance and commercial sectors, as well as national and local public authorities, were among the major targets for hackers from the russian federation in Q3 2022. The largest share of IS events can be associated with APT groups and hacktivists.