Cyberattacks from Russia continued to increase in late March, mostly through attempts to gather information from, and spread malware to, Ukrainian critical infrastructure, Ukraine cyber officials said.
The same group of Russia-linked hackers that targeted local government agencies in Ukraine with compromised emails also sent malicious emails to Latvian authorities, said Victor Zhora, deputy chief of Ukraine’s State Service of Special Communication and Information Protection, speaking with reporters on Tuesday.
Recent attacks aimed to disrupt critical services but didn’t cause serious damage, he added.
Between March 23 and March 29, 65 cyberattacks occurred on Ukrainian critical infrastructure, which was five times more than in the previous week, the SSSCIP said in its latest report on cyber activity during the war. State and local authorities, Ukraine’s security and defense sector, financial companies, telecoms and energy were the most targeted sectors, the agency said.
Experts at Ukrainian cybersecurity companies, Microsoft Corp. and Cisco Systems Inc. are investigating the March 28 cyberattack on Ukrtelecom PJSC and haven’t yet attributed the attack to a particular hacker group, Kirill Goncharuk, Ukrtelecom’s chief information officer, told reporters on Tuesday.
Hackers entered the internet service provider’s network after compromising user credentials from an employee in a territory recently occupied by Russia, he said. Mr. Goncharuk declined to name the territory or provide further details about the employee, citing security reasons, and said the person is now safe.
Russian and Belarusian military hackers were behind most recent cyberattacks on Ukrainian organizations, the SSSCIP said. Mr. Zhora said Ukrainian authorities are gathering evidence on the cyberattacks that they will send to the International Criminal Court, along with proof of war crimes.
CERT-UA, Ukraine’s cybersecurity emergency response unit, said Monday that it had detected a malicious email campaign mentioning the war in Ukraine that includes a file containing malware. The emails haven’t compromised organizations in Ukraine, Mr. Zhora said. Authorities attributed the emails to a Russian hacker group known as Armageddon, he added.
Emails sent to Latvian authorities appeared to come from the same hacker group; they purported to contain information about humanitarian aid but included files with malware, he said.