cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Russian cyber attacks on Ukraine spike 250%

Cyber attacks on Ukraine from Russia have skyrocketed over the last two years, according to a new report from Google.

user icon Daniel Croft
Wed, 22 Feb 2023
Russian cyber attacks on Ukraine spike 250%
expand image

Joint research between Mandiant and Google’s Threat Analysis Group (TAG) found that the frequency of cyber attacks by Russia against Ukraine climbed 250 per cent in 2022, lining up with the former’s invasion of the latter.

“Mandiant observed more destructive cyber attacks in Ukraine during the first four months of 2022 than in the previous eight years, with attacks peaking around the start of the invasion,” said Shane Huntley, senior director of the Google TAG.

“While they saw significant activity after that period, the pace of attacks slowed and appeared less coordinated than the initial wave in February 2022.”


Attacks typically targeted government, military, media, public services utilities, and critical infrastructure.

Mandiant and the TAG identified that Russian hackers have three main goals — “undermine the Ukranian government, fracture international support for Ukraine, and maintain domestic support in Russia for the war”.

“Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyber space, often with mixed results,” said Huntley.

Hackers used up to six different wiper strains on Ukrainian networks, including CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, SDelete and WhisperGate.

Other North Atlantic Treaty Organisation (NATO) nations have been targeted, too, with a 300 per cent increase in phishing attacks over the same period.

At the head of this campaign is hacking group Pushcha (aka Ghostwriter or UNC1151), who is backed by the Belarusian government and have ties to Russia.

Alongside Pushcha, groups such as FrozenBarents, FrozenLake, ColdRiver, FrozenVista, and Summit have launched fishing attacks.

Following the cyber attacks, Ukraine is arguing that the use of cyber warfare to target civilian infrastructure and support their kinetic attacks on civilians could constitute war crimes.

“When we observe the situation in cyber space, we notice some coordination between kinetic strikes and cyber attacks, and since the majority of kinetic attacks are organised against civilians — being a direct act of war crime — supportive actions in cyber can be considered as war crimes,” said Victor Zhora, Ukraine’s chief digital transformation officer.

The Geneva Convention said that attacks against civilians could constitute war crimes under international humanitarian law. Cyber crimes are currently undefined, and researchers have been pushing for them to be added to war crime investigations currently underway by the International Criminal Court (ICC).

Targeting NATO nations could also trigger Article 5, which says if “a NATO ally is the victim of an armed attack, each and every other member of the alliance will consider this an act of violence as an armed attack against all members and will take the actions it deems necessary to assist the ally attacked”.

It is currently not determined whether a cyber attack constitutes an armed attack.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.