Google: Ukraine remains Russia's top cyber target in 2023

Google’s Threat Analysis Group (TAG) has released a new blog post providing insights into Russian GRU (Federal Intelligence) government-backed cyber activity in the first quarter of 2023. The report found that Russia continued to focus its cyber operations on Ukraine, with the country accounting for over 60% of observed Russian targeting.

The new report is an expansion of research the Google cybersecurity research unit revealed in February. That report outlines key Russian cyber offensive tactics against Ukraine since the precursor activities of the Russian invasion of Ukraine.

Misinformation, malware, and phishing top Russian GRU cyber activities

TAG found that Russia was using a variety of methods to target Ukraine, including phishing, malware, and misinformation. The report noted that Russia was particularly successful in using phishing to target the Ukrainian government and military officials.

Other targets according to TAG included “multiple campaigns against energy sector organizations in Eastern Europe”, and “multiple waves of credential phishing campaigns targeting the Ukrainian defense industry, military, and Ukr.net webmail users.”

A spoofed Telegram social media website login page, which is used by Russian threat actors to capture credentials from Ukrainian targets. (Source: Google)

In addition to Ukraine, TAG also found that Russia was targeting NATO countries and other allies of Ukraine. The report found that Russia was using a variety of methods to target these countries, including misinformation and hacking.

Google: Russian GRU spreading misinformation on Telegram, Substack

According to Google’s researchers, “Moscow continues to leverage the full spectrum of information operations — from overt state-backed media to covert platforms and accounts — to shape public perception of the war in Ukraine.”

This includes spreading misinformation across popular social media platforms such as Telegram and the blogging site Substack.

Google has been tracking Russian GRU user @bio_genie for spreading anti-United States and anti-Ukraine disinformation on Telegram and Substack. (Source: Google)

TAG concluded that the Russian government is continuing to use cyber operations as a tool of psychological and digital warfare. It’s evident Russia is likely to continue to use cyber operations to target Ukraine and other allied countries indefinitely.

The continued focus of Russian government-backed actors on Ukraine is a cause for concern. These attacks can have a significant impact on the Ukrainian people, as well as the global economy.

The report provides valuable insights into the Russian government’s cyber operations and reveals some of their priorities in selecting Ukrainian targets.

There has been continuous debate about Russia’s cyber activities and effectiveness throughout this war. However, this latest report is hopefully a reminder that Russia is a major cyber threat and that organizations around the world need to be vigilant in protecting themselves from Russian cyber attacks.

Disclaimer: The author of this article is a current employee of Google. This article does not represent the views or opinions of his employer and is not meant to be an official statement for Google, Google Cloud, or the Alphabet holding company.

