Newly released data from CERT-UA reveals a sharp rise in Russian cyberattacks against Ukraine in 2024. The country faced 4,315 cyber incidents linked to Russian intelligence services—up nearly 70% from 2023’s count of 2,543. Yet despite this surge, only 4 of those incidents were considered critical, down 84% year-over-year.
This paradox highlights a complex reality. While Russia is increasing the volume of cyber operations, Ukraine’s digital defenses appear to be holding strong. Victor Zhora, former deputy chairman of Ukraine’s State Special Communications Service (SSSCIP), emphasized the connection between cyber and kinetic warfare: “There’s a huge cyber power targeting the entire country, and this power fully supports conventional war. Their strategy is to gain a battlefield edge where cyber serves military purposes.”
More Attacks, But Fewer Consequences
CERT-UA’s detailed 2024 report shows just how aggressive Russian threat actors have become. The number of incidents jumped 48% between the first half (1,739 incidents) and the second half (2,576). However, of the total 4,315 incidents, only 55 were classified as “high” severity, with just four marked “critical.”
The most significant attack occurred on December 19, when hackers targeted the Ministry of Justice’s state registries. That single event was the only critical attack in the second half of the year. It mirrors trends seen on the battlefield: Russia bombards its opponent with sheer volume, yet gains little ground. Many of its attempts fail to create real-world disruption.
Ukraine’s apparent resilience could be attributed to several factors. Experts suggest improved cybersecurity infrastructure, faster response times, and better threat intelligence. Others point to a possible overreliance on automated attack tools by Russian actors—tools that are easier to detect and stop.
Russia Shifts Focus to High-Value Targets
Despite the drop in critical outcomes, Ukraine has reasons to stay vigilant. Russia appears to be pivoting its focus toward government and military institutions. These targets, while fewer in number, have far greater strategic impact.
In 2023, attacks on government entities and local authorities made up around 20–25% of all Russian cyber activity. That figure more than doubled in 2024, with government-linked targets accounting for 58% of all incidents. Attacks on state organizations jumped 41% from H1 to H2, while incidents targeting local authorities rose 53%.
The military sector saw a similar shift. In 2023, only 7% of attacks hit Ukraine’s defense and security infrastructure. In 2024, that number climbed to 18%, with an 82% increase from the first half of the year to the second. According to Zhora, this includes attempts to infiltrate the Delta battlefield management system and infect soldiers’ smartphones with malware through spoofed QR codes. One such campaign used malicious QR codes to lure Signal users into connecting with Russian command-and-control servers.
Zhora explained the importance of these operations: “We cannot fully assess how these cyberattacks helped Russian troops, but some have shown limited success. It proves that the military sees a real return on cyber investment.”
He also highlighted a major development. GRU Unit 29155—previously known for ground operations—has added cyber capabilities to its arsenal. “This is the unit responsible for the Jan. 14, 2022, attack on Ukrainian government websites,” Zhora noted. “That was the start of the full-scale war. The first phase was cyber.”
As 2025 unfolds, Ukraine faces a dual challenge: fend off an increasing wave of low-impact cyber strikes while preparing for high-stakes operations targeting its core institutions. While CERT-UA’s latest report offers hope that defenses are working, the nature of Russian cyberattacks continues to evolve. With Russia adapting its strategies and focusing on battlefield impact, Ukraine must stay one step ahead to protect its digital and national sovereignty.
