All news

An analysis of cyber incidents in Ukraine from 2022 to 2024 reveals a significant shift in the priorities and tactics of Russian hacking groups. This is detailed in the report "War and Cyber: Three Years of Struggle and Lessons for Global Security," which specialists from the State Service of Special Communications and Information Protection (SSSCIP) developed in conjunction with the analytical center ICE Task Force.

Among the key threats for all categories of organizations remain non-updated software and other gross errors of system administrators. This is stated in the analytical report “Russian Cyber ​​Operations” H2’2024, prepared by specialists of the CERT-UA team, which operates as part of the State Cyber Defense Center of the State Service for Special Communications.

MITRE, a leading organization in the cybersecurity field, has announced the 17th update to its ATT&CK framework. This framework is used globally for modeling adversary behavior, analyzing threats, and improving cybersecurity systems. The update reflects the latest trends in cyberattacks, incorporates new platforms, clarifies adversary tactics, and provides deeper insights into defensive measures.

Russian-backed hacking groups are refining their tactics and will likely intensify their cyber operations against Ukraine. Therefore, all owners of information infrastructure must ensure maximum preparedness for potential cyberattacks.This warning was issued by Ihor Malcheniuk, Director of the Cybersecurity Department of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), speaking at the Secure International Summit in Bydgoszcz, Poland, where he was a keynote speaker.

The government computer emergency response team CERT-UA has recorded numerous cases of targeted cyberattacks against both employees of defense-industrial complex enterprises and individual representatives of the Defense Forces of Ukraine.During March 2025, the Signal messenger detected the distribution of messages with archives that allegedly contain a report with the results of a meeting. At the same time, in some cases, to increase trust, messages can be sent from persons from the list of existing contacts whose accounts have been compromised in advance.

Today, digital security is a matter of national resilience, and everyone shares responsibility for cybersecurity – government agencies, the private sector, expert communities, and civil society alike. Women are playing an increasingly important role in this, especially in the context of war, as they find their place in professions traditionally considered "male."

The training was organized by the Cybersecurity and Infrastructure Security Agency of the Department of National Security of the United States of America (CISA) with the support of the USAID Project "Cybersecurity of Critical Infrastructure of Ukraine".

The curriculum consisted of 2 modules and practice:- Module 1 - SQL 1 Fundamentals;- Module 2 - PL/SQL Fundamentals.The training concept was to present the basic principles of operation of industrial control systems, possible vulnerabilities and methods of protection.

The training program consisted of two modules:- Module I – general training;- Module II – specialized training.The concept of the training was to present the training group in the form of a SOC (Security Operations Center) and, using theoretical and practical training elements, familiarize the training group with SOC activities.

Representatives of the State Research Institute of Cyber Security Technologies participated in the ICS-UKR-CERT program and gained theoretical and practical skills in understanding the work of CERT/CSIRT INCIBE, their interaction with the public/private sector and citizens.Completion of the specified training event allowed the participants to find useful tools for testing systems and networks for vulnerability (Shodan), to increase the general level of knowledge about the features and nature of attacks and vulnerabilities, the level of knowledge about cyber defense of systems and networks, to learn new features of testing systems for vulnerability, to obtain statistical data regarding the most common vulnerabilities in network infrastructures, to consider the possibility of applying and implementing the obtained tools and methods in their own activities.