Cyber attacks on Ukraine and NATO are carried out by 5 hacker groups, coordinated from Russia – Google

Friday, 17 February 2023, 16:49

Cyber operations play a prominent role in Russia's war against Ukraine; attacks on Ukraine and NATO countries are carried out by five hacker groups linked to the Russian government, some of which cooperate with the Chief Intelligence Office (GRU) and the Federal Security Service (FSB).

Source: report titled "Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape", based on analysis conducted by Google's Threat Analysis Group (TAG), as well as Mandiant and Trust & Safety companies, analysed and reported by Radio Liberty

Details: The Ukrainian government is under ceaseless cyber attack, say Google experts.

Russian government-backed hackers stepped up cyber operations starting in 2021, just before Russia's invasion of Ukraine. 

In 2022, Russia increased its targeting of users in Ukraine by 250% compared to 2020, and its targeting of users in NATO countries by over 300%.

Among the hacker groups that organise cyber attacks on Ukrainian and NATO institutions are FrozenLake, Coldriver, Summit, FrozenBarents and FrozenVista.

Experts name phishing as one of the main strategies of these hacker groups. Most often, hackers attack Gmail, as well as the mail services of various government institutions: the Ministry of Defence, the Ministry of Foreign Affairs, and others.

In particular, the FrozenBarents group, according to Google's Threat Analysis Group, is connected to the GRU and the Russian army, and is engaged in espionage, disinformation, and destruction of information systems.

The targets of the group's attacks include Ukrainian infrastructure that was hit in 2015 and 2016, NATO countries, Georgia, and South Korea. One of the targets of the FrozenBarents cyberattacks was the Turkish drone manufacturer Bayraktar.

The Summit group, according to experts, is connected to the FSB. They are engaged in espionage. The targets of the hackers were mainly the security forces of NATO countries.

In July 2022, the group disguised malware as a program that can be downloaded from a domain similar to the website of the Azov Regiment.

Google's report also highlights the Belarusian group Pushcha, which engages in espionage and conducts information campaigns. In 2021, the group conducted the Ghostwriter campaign, during which it distributed pro-Russian publications by hacking news sites and placing fake publications there.
