According to a recent analysis, the cyber threat landscape has changed dramatically in the year since the Russian invasion of Ukraine.
Google's Threat Analysis Group (TAG), Mandiant, and Google Trust & Safety have released a report titled Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape, based on analysis from all three teams. It includes new findings, retrospective insights, and deep dives into specific campaigns from 2022. Some of the key observations from the report:
Aggressive multi-pronged effort: Russia’s cyber operations have become increasingly aggressive over the past few years. In 2021, during the run-up to the invasion, Russian government-backed attackers shifted their focus to Ukraine and dramatically increased their use of destructive attacks on the Ukrainian government, military, civilian infrastructure, and more. This trend has continued into 2022, with a significant increase in spear-phishing activity targeting NATO countries as well as an uptick in cyber operations designed to further various Russian objectives. Destructive cyberattacks have been on the rise, and many operations aim to balance competing priorities of access, collection, and disruption.
Moscow has leveraged the full spectrum of information operations (IO): Moscow is utilizing a range of media outlets and platforms to manipulate public opinion of the war. These operations aim to undermine the Ukrainian government, fracture foreign support for Ukraine, and maintain domestic support in Russia for the war. Google says it is actively working to counter these actions, which often violate its policies, and to disrupt overt and covert IO campaigns. The majority of this Russian IO is in the Russian language and mainly focused on sustaining domestic support in Russia for the war.
A notable shift in the Eastern European cybercriminal ecosystem: The invasion of Ukraine has had a significant effect on the cybercriminal ecosystem in Eastern Europe, causing some groups to split up and others to lose vital members. Specialization in ransomware has made it more difficult to identify who is behind an attack. Also observed are some tactics associated with financially motivated criminals being used in campaigns targeting governments. There has been no surge of attacks against critical infrastructure outside of Ukraine, which was unexpected.
What’s next: Russian government-backed attackers are expected to continue cyberattacks against Ukraine and NATO partners in order to further Russian strategic objectives. According to the report, these attacks will become more destructive and disruptive in response to developments on the battlefield that could be seen as an advantage for Ukraine, such as military aid or foreign commitments. Russia is likely to increase its IO to achieve its objectives, but there is no certainty that this will be successful.