Russia's cyber attacks against Ukraine have surged by 250% since the Russian military invasion of Ukraine in February 2022, according to a new joint report by Google's Threat Analysis Group (TAG) and Mandiant.
The attacks have focused heavily on Ukrainian government and military entities, as well as the critical infrastructure, utilities, public services, and media sectors. Mandiant has observed "more destructive cyber attacks in Ukraine during the first four months of 2022 than in the previous eight years."
As many as six unique wiper strains have been deployed against Ukrainian networks, suggesting a willingness on the part of Russian threat actors to forgo persistent access. Phishing attacks aimed at NATO countries witnessed a 300% spike over the course of the same period.
These efforts were driven by a Belarusian government-backed group dubbed PUSHCHA (aka Ghostwriter or UNC1151) that's aligned with Russia.
Some of the key actors involved in the efforts include FROZENBARENTS (aka Sandworm or Voodoo Bear), FROZENLAKE (aka APT28 or Fancy Bear), COLDRIVER (aka Callisto Group), FROZENVISTA (aka DEV-0586 or UNC2589), and SUMMIT (aka Turla or Venomous Bear).