Analysis shows decline in hacktivism

Ukraine

Analysis of 2022 cyber events shows decline in hacktivism around the war in Ukraine, but growth in cybercrime

  • Data compiled by Netskope’s Paolo Passeri indicates the wave of Russia-related incidents has broken, after surge of activity around the war in Ukraine
  • Hacktivist groups, such as Anonymous, also slowed efforts having initially focused activity on Russian oligarchs in Real Estate and Mining
  • Globally, cybercrime has continued to rise throughout the year with healthcare the most targeted sector

New data compiled by Paolo Passeri, Cyber Intelligence Principle, Netskope EMEA shows the wave of cyber attacks surrounding the Russian invasion of Ukraine has tailed off.

According to public data, there were 83 cyber events related to Russia between February 2022 and May 2022, accounting for almost 10% of all global cyber events in the period. However, this surge in activity was short-lived. There were just six incidents related to Russia in June and July, accounting for 1% of all cyber events globally. This dramatic fall in activity in the region suggests that cyber threat actors’ and hackivists’ efforts around the war in Ukraine have not been sustained throughout the conflict.

Cyber warfare has in fact been in steady decline globally since the beginning of the year, with 56% of all reported cyber warfare-related incidents taking place in February and March. The same pattern has been seen in hacktivism activities, which slowed across the board in June and July despite having actively targeted real estate and mining businesses owned by Russian oligarchs earlier in the year. However, Ukraine and its allied countries remain the constant target of cyber espionage operations carried out primarily by threat actors from Russia and Belarus.

Looking at the state of cyber events more broadly, Passeri’s analysis shows that financially motivated cybercrime remains the dominant form of cyber attack making up 72% of all incidents so far this year. Other findings include:

  • Healthcare continues to be the most targeted sector for cyber criminals, accounting for 14% of all cyber events so far this year. Of those attacks, just 0.5% could be attributed to cyber warfare with 99.5% of events being recorded as financially motivated cybercrime.
  • Public administration, including the defense industry, was also heavily targeted, accounting for 12% of all cyber events. 35% of these attacks were financially motivated cybercrime, with 26.7% hacktivism, 26.5% cyber espionage, and 10.5% cyber warfare.
  • Financial services, which comprises finance, insurance, and fintech, was targeted in 8% of all cyber events, with economic gain being the prevailing motivation for over 99% of attacks.

Paolo Passeri, Cyber Intelligence Principal at Netskope EMEA said; 

“The invasion of Ukraine sparked a flurry of cyber incidents relating to Russia in the early part of this year with a clear spike in cyber espionage, hacktivism, and cyber warfare targeting Russian businesses and individuals. The data shows however that this was short-lived with activity falling off considerably in recent months, most likely because hacktivist groups were not willing or able to sustain their efforts as the conflict continued.”

“In contrast, cybercrime incidents have continued to grow throughout the year. Despite the media attention received by cyber warfare and hacktivism campaigns, cybercriminals remain by far the biggest threat to businesses, particularly in healthcare, public services and financial services, which are consistently the sectors most frequently targeted.”

Passeri’s data is collated and expanded on his personal blog, Hackmageddon.com. The events analysed are gathered from OSINT sources, such as infosec blogs or news outlets, and are selected based on the impact (for example the profile of the target, the breadth and sophistication of the operation, and the financial loss or the number of leaked records in case of cybercrime events). Specific data is available on request.

For more news updates, check out our latest issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com

Subscribe to our newsletter

Don't miss new updates on your email
Scroll to Top