Вікторія Горбік, That's Life
13 March 2025, 15:39
72% of cyber incidents have a medium level of criticality. Cyber expert from the Ministry of Defense on attacks on the ministry by Russian hackers: method, countermeasures and bias
Oleg Shemetov, head of the expert group on information and cybersecurity policy at the Directorate for Digital Transformation in the Defense Sector of the Ministry of Defense of Ukraine, described the methods Russian special services use to attack the Ministry of Defense, how the ministry counteracts them, and what it plans to do to improve security.
What is known about the «cyberattacks» on the Ministry of Defense
«72% of cyber incidents are medium-level, 17% are high, 8% are low, and 3% are critical,» said Oleg Shemetov, sharing Security Operations Center statistics on cyberattacks targeting the ministry during a panel at the Kyiv International Cyber Resilience Forum 2025.
Citing other figures, the head of the expert group on cybersecurity at the Ministry of Defense reported that 86% of attacks are carried out by groups associated with Russian special services, in particular Gamaredon/UAC-0010. Cyberattacks by the Turla group were also recorded; this group also originates from Russia, directs attacks against the defense forces using the CAPIBAR and KAZUAR malware, and works in the interests of the FSB.
Shemetov also emphasized that DDoS attacks, which previously prevailed, are no longer as popular among attackers. Long-term penetrations have become more common: hackers first study the infrastructure, sometimes for a month, and only then carry out a targeted attack.
Cyber incidents at the Ministry of Defense are divided into the following categories:
65% — malicious code;
15% — intervention;
13% — attempted intervention;
4% — others;
2% — information collection by the attacker;
1% — accessibility violation.
«In just one week, we record about 850 security system failures,» said Oleg Shemetov, adding that in total, the Ministry of Defense registers more than 5,000 cyber incidents per year.
How is the ministry secured?
According to the head of the cybersecurity expert group, in responding to cyber threats the ministry is focusing on updating security policies, training personnel, and cooperating with international partners. However, Oleg Shemetov emphasizes that a comprehensive strategy and collective defense work best against cybercriminals. According to him, true cyber resilience is achieved through cooperation: exchanging information about potential threats with the General Staff, law enforcement agencies, and international partners.
«We call not only on law enforcement agencies, but also on civil organizations to cooperate with the Center and exchange practical experience,» notes Oleg Shemetov.
In addition, the Ministry of Defense is actively expanding the cyber defense system and creating specialized units, in particular, the Cyber Incident Response Center (Security Operations Center).
Plans to strengthen cybersecurity
To increase cyber resilience next year, the Ministry of Defense plans to implement new systems.
In addition, the ministry plans to transform the Center into MIL.CERT-UA to coordinate the protection of the power unit, as well as implement other cybersecurity strategies.
Beyond strengthening responses to threats, Oleg Shemetov emphasized the importance of preventive measures, which are also planned. In particular, these include improving the cyber defense system, increasing user awareness, and using advanced attack detection technologies.