Google’s Threat Analysis Group (TAG): Ukraine remained primary target for Russia’s groups

In 2023, Ukraine remained Russia’s primary target for cyber-espionage, according to a report by Google’s Threat Analysis Group (TAG). The report detailed various state-sponsored hacking campaigns against Ukrainian targets, highlighting the extent to which Russia has integrated cyber operations into its broader political and military strategy.

TAG’s analysis revealed that in the first quarter of 2023, Russian threat actors carried out phishing attacks against Ukrainian targets at a scale and intensity not seen since the height of the conflict in 2014. Roughly 60% of all phishing attacks that targeted Ukraine during that period were traced back to Russian actors. TAG also detected an increase in Russian “spear-phishing” campaigns that targeted Ukrainian government officials, military personnel, and critical infrastructure.

In one notable incident, Russian hackers compromised the networks of multiple Ukrainian government agencies using a malware variant called “Zebrocy.” The malware is designed to remain undetected on the victim’s system while allowing the attacker to exfiltrate sensitive information. TAG’s report also identified a variety of other sophisticated malware tools being used against Ukrainian targets, including the Gamaredon Group’s custom-built RAT malware and the Turla Group’s “ComRAT” malware.

The report highlights how cyber-espionage has become a key part of Russia’s broader political strategy, with Russian state-sponsored hackers conducting sophisticated campaigns designed to obtain sensitive political, economic, and military intelligence. In addition to Ukraine, Russian threat actors are also known to target other countries in the region, including the Baltic States and Georgia.

TAG’s report emphasizes the need for increased cybersecurity measures to defend against the growing threat of state-sponsored cyber-attacks. The report recommends that organizations and governments adopt a “defense-in-depth” approach to security that includes advanced threat detection and response capabilities, network segmentation, and employee training to reduce the risk of successful phishing attacks.

In conclusion, the TAG report highlights the ongoing threat that Russian state-sponsored hackers pose to Ukraine and other countries in the region. As cyber-espionage continues to be integrated into broader geopolitical strategies, it is essential that organizations and governments adopt advanced security measures to defend against this growing threat.

The full report can be found here: https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/