Russian-backed hacking groups are refining their tactics and will likely intensify their cyber operations against Ukraine. Therefore, all owners of information infrastructure must ensure maximum preparedness for potential cyberattacks.

This warning was issued by Ihor Malcheniuk, Director of the Cybersecurity Department of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), speaking at the Secure International Summit in Bydgoszcz, Poland, where he was a keynote speaker.

Malcheniuk expressed gratitude to his Polish colleagues for their cooperation and support during these challenging times, emphasizing that true friends are not only those who provide resources and ammunition but, above all, those who stand shoulder-to-shoulder, facing uncertainty together in solidarity.

He elaborated on the work of Ukraine's Computer Emergency Response Team (CERT-UA), which operates within the SSSCIP. Last year, CERT-UA recorded 4,315 cyber incidents, a 70% increase compared to the 2,541 incidents reported in 2023. At the same time, experts are observing a positive trend of decreasing critical and high-severity cyber incidents. In 2022, such incidents accounted for 48% of the total, dropping to 14% in 2023, and only 1% in 2024. This achievement is largely attributed to collaboration with partners and their support, particularly productive cooperation with the private cybersecurity sector.

"Do we expect the aggression in cyberspace to cease? No, on the contrary, we expect the number of incidents to increase, not decrease. We anticipate an increase and expansion in the scale of cyber operations. We expect Russia to scale up its experience and advance further in its cyber operations. The adversary will constantly try to penetrate and remain in as many systems as possible, install implants, and stay there," Malcheniuk stated.

Russian hacking groups have significantly improved their tactics. Their attacks target central and local authorities, the security and defence sector, energy and utilities, telecommunications and IT services, as well as transportation and logistics.

"Disruptions in any of these sectors have a cascading effect. Power outages disable communications and IT. Loss of communication makes data exchange between critical sectors impossible, contributing to isolation and disorganization. Damage to IT infrastructure disrupts the provision of essential services, leaving organizations without data, automation, and the ability to provide digital services to citizens and businesses," Malcheniuk explained.

Ukraine has learned to withstand these challenges and is ready to share its wartime experiences. International cooperation is particularly important in this process, as foreseen in the 27 security agreements signed by Ukrainian President Volodymyr Zelenskyy.

The 29th Secure International Summit 2025 is organized by the National Research Institute of Poland (NASK). This year's conference is particularly significant as it takes place during Poland's presidency of the Council of the EU, with cybersecurity as a key priority. Poland aims to update the EU's response system to large-scale cyber incidents and improve civil-military cooperation in cyber defence. It's no surprise that the summit brought together numerous cybersecurity experts from around the world.