SSSCIP’s Perspective on the cyber-attacks unfolded in the context of the military conflict between Russia and Ukraine (January 2022 – January 2024)

Abstract

This paper evaluates the reports of the SSSCIP regarding cyber-attacks carried out against Ukraine from January 2022 to January 2024. From the exploitation of the CaddyWiper malware, attributed by SSSCIP to APT SANDWORM, to the sophisticated campaigns of the FSB and the cyber-attack on Kyivstar, the paper provides an insight into Russian-origin cyber-attacks against Ukraine, as reported by the main Ukrainian authority in the field, SSSCIP.The purpose of the article is to identify how SSSCIP reported cyber-attacks on Ukrainian IT&C infrastructures, the completeness of the published data, and the way the campaigns are presented. To achieve this goal, all SSSCIP reports from the reference period were evaluated, and only those that materialized and affected IT&C infrastructures were included in the study. In conclusion, the paper will primarily highlight the limitations of SSSCIP reports and, secondarily, SSSCIP’s perspective on the domains most frequently targeted by cyber-attacks and the capabilities of Russian actors.