Key Takeaways
- Russian cyberattacks on Ukraine increased by 69.8% in 2024, totaling 4,315 incidents, up from 2,541 in 2023.
- Most attacks targeted government, defense, energy, telecom, and commercial sectors.
- Attack types included phishing, malware distribution, account/system compromise, and DDoS.
- Only 55 incidents were classified as "high" severity and just 4 as "critical" in 2024.
- The most disruptive attack temporarily disabled Ukraine's Ministry of Justice state registries and digital government services in December 2024.
- Russian APT groups such as Trident Ursa (Gamaredon) played a leading role in intelligence gathering and access operations.
- Ukraine’s rapid detection, response, and resilience measures limited the impact of most attacks.
Volume and Attribution: 2024 in Numbers
Ukraine’s Computer Emergency Response Team (CERT-UA), under the State Service of Special Communications and Information Protection (SSSCIP), processed 4,315 cyber incidents in 2024—a 69.8% increase over the previous year. The surge reflects both increased Russian operational tempo and Ukraine’s improved detection capabilities. Most attacks were attributed to Russian intelligence agencies, including the GRU and FSB, with APT groups like Trident Ursa (Gamaredon) remaining highly active. 1, 2
Target Sectors
Attackers focused on:
- Local government bodies and national government organizations
- Security and defense sector
- Energy sector and critical infrastructure
- Telecommunications and commercial enterprises
The intent was to steal sensitive information, disrupt operations, and undermine public trust. However, most attempts were thwarted before causing lasting damage. 1
Attack Types and Tactics
According to CERT-UA and technical analysis by Unit 42, the most common attack vectors included:
- Phishing emails and malicious attachments
- Malware distribution (notably wipers and remote access trojans)
- Compromising accounts and systems via credential theft
- DDoS attacks targeting public-facing services
A December 2024 attack on Ukraine’s Ministry of Justice disrupted government digital services, but recovery was swift and no confirmed data leak occurred. 1, 2
Severity and Impact Assessment
While the volume of incidents spiked, the majority were of low or medium severity. Out of thousands of incidents, only 55 were rated "high" severity and just 4 as "critical." The most significant disruption affected the Ministry of Justice registers, which were restored within weeks. Ukraine’s digital resilience and rapid response limited the real-world impact of most attacks. 2
Russian APT Groups: Trident Ursa (Gamaredon)
The research highlights the ongoing operations of Trident Ursa (Gamaredon), an APT group attributed to Russia’s FSB, which specializes in intelligence gathering and persistent access against Ukrainian targets. Their tactics included phishing, malware, and infrastructure compromise, but most operations were detected and mitigated before achieving strategic objectives. 2
Outlook for 2025
Ukrainian and Western experts anticipate continued high volumes of Russian cyber operations in 2025, with a likely focus on critical infrastructure and military targets. Defensive improvements, international cooperation, and public cyber hygiene remain essential for minimizing impact.
Final Thoughts
The 70% surge in Russian cyberattacks on Ukraine in 2024 underscores the intensity of the ongoing cyber conflict. However, the limited impact—despite the volume—demonstrates Ukraine’s growing cyber resilience and the importance of proactive defense, rapid response, and international support. Organizations worldwide can draw lessons from Ukraine’s experience in defending against persistent, state-sponsored threats.