
We selected the most valuable ideas from the Threat Research Report “Russia's Cyber Tactics: Lessons Learnt in H1’2023” and want to share them with those interested in the modern cybersecurity landscape.

The research is based on data collected by the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) during its efforts to repel attacks by Russian state-backed hackers during the war. Our team analyzed this report from a cyber deception perspective to emphasize how deception techniques may be used in cyberwarfare, where the price of failure is far higher than in civil and business environments.

The most crucial points of the “Russia's Cyber Tactics: Lessons Learnt in H1’2023” report are:

1. Attackers increasingly use various techniques to evade detection by EDR/XDR products. An existing EDR/XDR deployment on its own does not guarantee the company's security when it is attacked by industrial or state-sponsored hackers.

2. Often, attacks start with penetration through the web interfaces of systems (for example, Zimbra and RoundCube).

In this case, even if there is a process for analyzing server log files, the company's employees may miss the attack in the flow of events.
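To illustrate why a single intrusion attempt is easy to lose in ordinary web-server log volume, and how a decoy endpoint changes that, here is a small detector written for this summary (it is not code from the report or from SSSCIP). It parses a constructed access-log sample in the Apache/nginx combined format and raises two kinds of alert: any request to a decoy path that is deployed but never linked (a high-fidelity signal, since no legitimate user should reach it), and a burst of login POSTs to a webmail endpoint from one source. The login endpoint paths, the decoy path, the IP addresses and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Assumed for this example: login endpoints of the webmail products named in the report.
LOGIN_PREFIXES = ("/roundcube/?_task=login", "/zimbra/")
# Assumed for this example: a decoy path that exists on the server but is never linked or
# advertised, so any request to it is a high-fidelity signal rather than one event among thousands.
DECOY_PREFIXES = ("/admin-backup/",)

# Constructed sample log: one legitimate user, one source hammering the login endpoint
# and then probing the decoy path, and one unrelated visitor.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jun/2023:09:14:02 +0000] "GET /roundcube/ HTTP/1.1" 200 5123
203.0.113.10 - - [12/Jun/2023:09:14:09 +0000] "POST /roundcube/?_task=login HTTP/1.1" 302 0
203.0.113.10 - - [12/Jun/2023:09:14:10 +0000] "GET /roundcube/?_task=mail HTTP/1.1" 200 18211
198.51.100.7 - - [12/Jun/2023:09:20:01 +0000] "POST /roundcube/?_task=login HTTP/1.1" 200 5123
198.51.100.7 - - [12/Jun/2023:09:20:04 +0000] "POST /roundcube/?_task=login HTTP/1.1" 200 5123
198.51.100.7 - - [12/Jun/2023:09:20:07 +0000] "POST /roundcube/?_task=login HTTP/1.1" 200 5123
198.51.100.7 - - [12/Jun/2023:09:20:11 +0000] "POST /roundcube/?_task=login HTTP/1.1" 200 5123
198.51.100.7 - - [12/Jun/2023:09:20:15 +0000] "POST /roundcube/?_task=login HTTP/1.1" 200 5123
198.51.100.7 - - [12/Jun/2023:09:21:40 +0000] "GET /admin-backup/ HTTP/1.1" 200 196
203.0.113.22 - - [12/Jun/2023:09:25:30 +0000] "GET /zimbra/ HTTP/1.1" 200 7310
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def analyze(lines, window_seconds=60, threshold=5):
    """Return alerts: every decoy hit, plus each source IP that POSTs to a login
    endpoint at least `threshold` times within any `window_seconds` span."""
    alerts = []
    login_times = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not treated as errors
        if rec["path"].startswith(DECOY_PREFIXES):
            alerts.append({"kind": "decoy_hit", "ip": rec["ip"], "detail": rec["path"]})
        elif rec["method"] == "POST" and rec["path"].startswith(LOGIN_PREFIXES):
            login_times[rec["ip"]].append(rec["ts"])
    # Sliding window over each source's login POSTs. Status codes are deliberately not used:
    # many webmail applications answer a failed login with 200 and the form again.
    for ip, times in login_times.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= window_seconds:
                alerts.append({"kind": "login_burst", "ip": ip,
                               "detail": f"{threshold} login POSTs within {int(span)}s"})
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG.splitlines()):
        print(alert)
```

The login-burst rule is a heuristic that needs tuning per site and will produce some noise; the decoy rule needs no tuning at all, which is the practical argument for adding decoy endpoints next to real web interfaces rather than relying on log review alone.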

3. Reducing detection time is a crucial KPI when confronting highly motivated government hackers.

4. Attackers are very interested in OT/SCADA-class targets. Therefore, giving them what they want in the form of decoys within a cyber deception approach is quite logical.

5. "Attackers, therefore, tend to keep a low profile after being discovered and may reuse their knowledge of an organization's internals to regain access or find alternative entry points by exploiting trust and people's behavior (e.g., from emails) and the IT administrator environment."

Conclusion: It is not always possible to quickly find the attacker's entry point into the infrastructure. It is necessary to distract the attackers as much as possible to gain time to analyze all the harmful files and artifacts.

6. The most frequent penetration vector is phishing. This underlines the importance of file-baiting on as many hosts as possible, to push the attacker more actively into network-baiting.

Find out more: 

Report: the number of recorded cyber incidents almost tripled in 2022. https://cip.gov.ua/en/news/u-2022-roci-kilkist-zareyestrovanikh-kiberincidentiv-virosla-maizhe-vtrichi-zvit 

Russia’s Cyber Tactics: Lessons Learned in 2022 — SSSCIP analytical report on the year of russia’s full-scale cyberwar against Ukraine. https://cip.gov.ua/en/news/russia-s-cyber-tactics-lessons-learned-in-2022-ssscip-analytical-report-on-the-year-of-russia-s-full-scale-cyberwar-against-ukraine 

Cyber security experts lament west’s failure to learn lessons from Ukraine. https://www.ft.com/content/c7038f7e-48fb-4d76-a608-96eec217a654 
