The number goes into khakism – Newspaper Kommersant No. 31 (7476) dated 20.02.

Russian companies in the field of cybersecurity record a decrease in the number of attacks by non-professional but politically motivated hackers on the infrastructure of Russian companies and departments. Some hacktivists lost interest in participating in attacks over the year, while others decided to improve their skills and join professional groups, experts say. In their opinion, as a result, we can expect an increase in the number of more accurate and more difficult to detect attacks on the critical infrastructure of the Russian Federation.

Kommersant got acquainted with the Rostelecom-Solar report on the number and structure of cyber attacks on Russian companies in the second half of 2022. It follows from the document that 495 attacks were recorded from July to December, 19% more than in the first half of the year. In total, the company established the fact of 911 thousand attacks in a year, twice as many as in 2021.

Rostelecom-Solar clarified that against the backdrop of a general increase in attacks in the second half of the year, their number decreased by hacktivists – non-professional hackers acting for political rather than commercial reasons using simple tools, such as massive DDoS attacks or attacks on web sites. servers. For example, if in the first half of the year the share of attacks by hacktivists on web servers in Russia was 11% of all incidents, then in the second half of the year it was only 1%.

Hacktivists, as a rule, are attracted to attacks on Russian infrastructure through ads on the dark web and Telegram channels, where they coordinate their actions.

“The number of such attacks, as well as announcements, has also decreased, while messages about the organization have moved to closed groups and chats. Attackers began to organize more complex attack vectors aimed at the same politically significant goals, ”explains Alexey Pavlov, director of business development at the Rostelecom-Solar Solar JSOC Cyber ​​Attack Center.

For example, says Mr. Pavlov, these are no longer announcements about available proxy servers, but invitations to closed training on Kali Linux (a Linux distribution that has a wide range of tools for hacking and penetration testing). “Hacktivists began to improve their skills and operate under the guidance of more professional hackers,” he notes.

In the hacktivist Telegram channels, there are still calls to attack certain Russian organizations, but the response has become weaker, says Alexei Kuznetsov, technical head of the security analysis department at MTS Cybersecurity.

“If earlier, after the organizers of the attacks identified the next DDoS target, we saw an attack at a speed of 20 Gb / s, now it is 3 Gb / s,” says Mr. Kuznetsov.

Hacktivism is built on an emotional component and usually does not pursue financial goals, so it is quite understandable that many hacktivists, having declared their beliefs and caused attention to certain events, after a while go into the shadows, explains Andrei Arsentiev, head of analytics and special projects at InfoWatch Group. “At the same time, some, having mastered hacker tools and carried out a number of successful attacks, decide to become professional hackers,” he clarifies.

The latest high-profile politically motivated attack on the infrastructure of Russian departments was the November hacking of the systems of the State Radio Frequency Center (GRFC) of Roskomnadzor (see “Kommersant” dated November 18, 2022). The Cyber ​​Guerrilla group claimed that as a result of the disruption of the infrastructure, they were able to upload 2 TB of the organization’s internal documents, as well as encrypt its servers. The GRCHTs confirmed the hack, but said that “the situation was manageable,” and the attackers did not gain access to the department’s internal information. But already in February of this year, a number of foreign media, referring to the internal documents of the SRC, published investigations about the work of the agency’s monitoring systems.

The retraining of hacktivists as professional hackers threatens, first of all, the state and industrial sectors as the most attractive for espionage, Mr. Kuznetsov believes, adding that banks will also be hit later as the most interesting targets in terms of obtaining funding for hacktivism. If there is a trend to shift attacks to a more professional plane, the expert notes, they will become more secretive, more difficult to detect without a large amount of protection tools and round-the-clock monitoring of events in the infrastructures of organizations.

Nikita Korolev, Tatiana Isakova