The number of cyber groups attacking Russia has grown by more than 20%

Cybersecurity experts note an increase in the number of cyber groups attacking Russia. This year alone it has increased by more than 20%. The development of criminal IT groups is facilitated by the active sale of hacker tools on the shadow market, which, among other things, reduces the threshold for entering this market. At the same time, monetization of cyber attacks, for example, through extortion, has become the most significant goal, although hackers continue to unite for political reasons.

Kommersant got acquainted with the data of cybersecurity companies on the dynamics of the number of hacker groups whose targets are primarily the Russian IT infrastructure. Thus, according to BI.ZONE, this year the number of such groups has increased by more than 20% year on year. The vast majority of associations (76%) are financially motivated, and only a small part are associated with political movements (9%) and espionage (15%). However, BI.ZONE clarifies that some of the groups consisting of “hacktivists” (voluntary participants in cyber attacks) now pursue not only political, but also financial goals.

In 2023, Ideco notes, the number of groups increased by 33% year on year. At least three new large associations have already been identified in 2024: Lazy Koala, Muliaka and M0r0k.

FACCT (formerly Group IB) confirms the trend towards an increase in the number of hacker groups, but estimates it at 25% for the entire 2023. According to the company, “pro-Ukrainian hacktivists” were behind the majority of DDoS attacks (attacks on a server using the “denial of service” model) and the publication of stolen databases of Russian structures in 2023. In general, according to FACCT, in 2023, the Russian Federation and CIS countries attacked 14 “pro-state hacker groups”, the targets were government agencies, critical information infrastructure organizations (CII) and defense industry enterprises.

“The growth in the number of groups is facilitated by the availability of commercial malware, as well as the widespread use of open source tools that allow even unskilled hackers to carry out attacks on organizations,” believes Oleg Skulkin, head of BI.ZONE Threat Intelligence.

Director for Strategic Alliances and Interaction with Government Authorities of the Garda Group of Companies Pavel Kuznetsov adds that it is the distribution of malicious tools by hackers that now makes it difficult to determine whether the attackers belong to a particular group.

Based on certain signs, the expert clarifies, the investigation can, with a high degree of probability, point to a specific group that uses complex tools and algorithms of action, but the use of the same tools by different groups reduces this probability.

Since the beginning of the conflict in Ukraine, the Russian IT infrastructure has been predominantly attacked by politically motivated groups consisting of “hacktivists”; at peak moments, the growth of their attacks using malicious traffic reached 200% (see “Kommersant” dated May 27, 2023). In general, according to the Ministry of Internal Affairs, at the beginning of 2024, the upward trend in the number of IT crimes continued: their number increased by 23.5% compared to the same period in 2023, department representatives reported. One of the major incidents was the attack on the Agrocomplex named after. N.I. Tkachev using a ransomware virus, the volume of hackers’ demands reached 500 million rubles. (see “Kommersant” dated April 10).

FACCT notes that, despite the development of financial motivation in addition to political, hacker groups attacking Russia now “tend to unite rather than compete.”

The decrease in the number of politically motivated groups indicates their merger, and not the disappearance of certain communities, agrees Oleg Skulkin.

By the end of 2024, the number of criminal associations may grow by at least 15%, to more than 32, Ideco expects. “In the context of an acute geopolitical conflict, the activity of “hacktivists” and professional pro-state groups will not decrease in the near future,” agrees FACCT

The attackers’ priority goals will be espionage, theft of intellectual property and gaining access to business data, say FACCT. At risk, experts say, are government agencies, enterprises of the military-industrial complex and research organizations. The geopolitical situation, BI.ZONE adds, “will continue to have a significant impact on the growth of cyber attacks, regardless of the motivation of the attackers.”

Tatiana Isakova