Report for Q1 2023

15.04.2023

Throughout Q1 2023, the Vulnerability Detection and Cyber Incident and Cyberattack Response System detected 7 million suspicious information security events (at initial analysis), and processed 34,000 critical information security events (potential cyber incidents detected through filtering suspicious IS events and secondary analysis). 202 cyber incidents were recorded and processed by security analysts directly.

Since the beginning of 2023, compared to Q4 2022, a decrease in the total number of cyberattacks waged by pro-russian hacktivist groups has been recorded, but their systematicity and intensity remain high. Over the same period, the number of attacks waged by pro-russian hacktivist groups targeting the commercial and financial sectors, the Government and local authorities, and the security and defense sectors has decreased by a factor of 1.5–2.9, depending on the sector. Nevertheless, the intensity of attacks on the energy sector and the mass media remains at the same level.

Given that the kremlin is stepping up its information operations to justify the unprovoked invasion of Ukraine and is thus creating conditions for a protracted war in Ukraine, there are no fundamental reasons to believe that the trend towards a decrease in the number of cyberattacks targeting Ukrainian organizations of various forms of ownership and industries will continue in the future.

XakNet, NoName057(16), RussianHackersTeam, RaHDit, and Free Civilian are the most active pro-russian hacktivist groups; the attacks they launched during Q1 2023 account for 90% of the total number of recorded attacks launched by similar groups during the reporting period.

BARAT, Emotet, Cobalt Strike, and Meris represent the most commonly exploited C2 infrastructure identified as the source of attempted network intrusions or breaches of organizational security policies in inbound network traffic, as detected by the Telemetry Collection Subsystem of the Vulnerability Detection and Cyber Incident and Cyberattack Response System.

During the reporting period, Snake Keylogger, Agent Tesla, LokiBot, PurpleFox, and Formbook dominated among the malware families detected in IS events in the category “02 Malicious software code”.
