Five Russian government-backed groups carry out cyberattacks against Ukraine and NATO countries – Google
Cyberattacks on NATO and Ukrainian institutions are carried out by five hacker groups linked to the Russian government.
This is stated in the Fog of War report published by Google.
Cyberattacks on Ukrainian and NATO institutions are carried out by the hacker groups FrozenLake, Coldriver, Summit, FrozenBarents, and FrozenVista. One of their main strategies is phishing. Hackers most often attack Gmail and other email services of the Ministry of Defense, the Ministry of Foreign Affairs, etc.
For example, according to Google's threat analysis, the FrozenBarents group has ties to Russia's main intelligence agency. It conducts espionage activities, spreads disinformation and destroys information systems. The group's main targets are Ukraine's infrastructure, which was hit in 2015-2016, as well as NATO countries, South Korea, and Georgia. The Turkish manufacturer of Bayraktar unmanned aerial vehicles was also hit by a FrozenBarents cyberattack.
The Summit hacker group, according to Google's threat analysis, is affiliated with the FSB. The group's members are exclusively engaged in espionage, mainly against NATO security forces, which are their main targets. In July 2022, Summit also disguised malware as a program that could be downloaded from a domain similar to that of the Azov Regiment website.
In addition to Russian hacker groups, Google's report also includes the Belarusian Pushcha group. It conducts espionage activities and information campaigns. In particular, in 2021, Pushcha conducted the Ghostwriter campaign, during which it distributed pro-Russian publications. To do this, the hackers compromised news sites and posted fake news.
Google analysts note that hacker attacks from Russia began even before the full-scale war. The first phishing campaigns against Ukraine were recorded in April 2021. In 2022, the number of cyberattacks against Ukraine increased 3.5 times compared to 2020, and against NATO member states – 4 times.
The analysts emphasize that Russia has used many information operations to shape public perception of the war. These operations are aimed at undermining the Ukrainian government, interrupting international support for Ukraine, and strengthening support for the war within Russia.
Google predicts that Russian hacker groups will continue to carry out attacks to achieve Russia's strategic goals. These attacks will be directed primarily against Ukraine, but will increasingly spread to NATO countries and their partners.
Google analysts also argue that Russia will continue to increase the scale and pace of information operations to achieve its goals. Such operations will intensify as key milestones approach, such as international financing, military assistance, domestic referendums, etc. However, according to analysts, it is unclear whether Russia will achieve the desired effect in this way or, on the contrary, will strengthen opposition to its aggression.