The Cyber Incident Response Operations Centre has published its annual report on the operation of the Vulnerability Detection and Cyber Incident/Cyber Attack Response System for 2025.

07.01.2026

The Vulnerability Detection and Cyber Incident/Cyber Attack Response System (the System) is a set of software and hardware solutions that provides 24/7 monitoring of events in the information and communication systems of government institutions and critical information infrastructure (CII) facilities. The State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine deploys specialized sensors within organizational networks to detect signs of suspicious activity and transmit relevant data in real time to the Cyber Incident Response Operations Centre. This enables specialists to detect cyberattacks in a timely manner and to promptly contain and mitigate their consequences, which is critically important for protecting state information resources.

During the reporting period, analysts of the Cyber Incident Response Operations Centre processed approximately 17.3k information security events. As a result of the analysis, 730 cyber incidents were identified and handled, 339 of which were directly associated with the activities of known threat groups.

Throughout the year, specialists of the State Cyber Protection Centre significantly expanded the System’s presence within government bodies: new organizations were connected to the Network Detection and Response (NDR) subsystem, 24 telemetry collection sensors were deployed, and monitoring and protection of more than 46.5k servers and workstations were provided through the Endpoint Protection Subsystem (EDR/MDR).

In 2025, the most active cyber threat clusters were UAC-0010, UAC-0006, and UAC-0050, which specialize in cyber espionage, financial theft, and information and psychological operations.

"It is worth noting that the vast majority of tactics and techniques used by attackers as an initial attack vector lose their effectiveness when non-privileged user accounts are used and basic security configurations are implemented on workstations," the report states.

Government institutions seeking to strengthen their cybersecurity posture and gain access to the services of the Vulnerability Detection and Cyber Incident/Cyber Attack Response System may contact the State Cyber Protection Centre. Within the framework of the System, three core services are available: network sensors (NDR), endpoint protection sensors (EDR), and centralized collection and analysis of logs from existing endpoint protection solutions used by the organization (MDR). Each of these services can be configured according to the needs of a specific institution.

For inquiries regarding access to the services outlined above, please contact the State Cyber Protection Centre:

Email: info_scpc@cip.gov.ua
