2 March 2025

Reflecting on three years of cyber warfare in Ukraine

Charl Van Der Walt, Orange Cyberdefense

As we mark the third anniversary of the Russian invasion of Ukraine in February 2022, it is essential to reflect on the profound impact this conflict has had on the global cyber security landscape. The war has not only reshaped geopolitical dynamics but has also significantly influenced the nature and frequency of cyber threats, cyber crime, operational technology (OT) attacks, and hacktivism.

In the early stages of the conflict, we observed a disruption in cyber extortion operations by actors based in the region, as the chaos of war created instability for these criminal enterprises as much as for ordinary citizens. However, as the situation stabilised, cyber extortion surged once again, with actors bouncing back to new levels of activity. The Security Navigator 2025 report highlights that while growth in cyber extortion incidents has since “stabilised,” the tactics employed by cyber criminals have evolved, for example with AI tools being used to enhance attackers' operational performance and making it relatively easy to produce phishing lures and other social engineering material.

The war has also catalysed a rise in targeted cyber threats against critical infrastructure, particularly in Ukraine. The report emphasises that “targeted Operational Technology (OT) threats” have surged, with state-sponsored actors leveraging cyber capabilities to disrupt essential services. Russian Advanced Persistent Threat (APT) groups such as Sandworm have been linked to several destructive malware campaigns, including the deployment of ‘HermeticWiper’ and ‘CaddyWiper,’ which aim to erase critical data and disrupt operations within Ukrainian organisations. These attacks have been characterised by their sophistication and, at times, by their coordination with kinetic military operations, demonstrating a clear strategy to undermine Ukraine's resilience.

Intelligence reports also detail the activities of the Gamaredon group, a Russian state-sponsored actor responsible for extensive cyber espionage campaigns against Ukrainian entities. This group has been active since 2014 and has been exceptionally busy of late, primarily targeting government systems to exfiltrate sensitive information. Its recent campaigns have involved spear-phishing attacks and the deployment of custom malware.
