Ukraine remains Russia’s biggest cyber focus in 2023

FROZENBARENTS (Sandworm), attributed to Russia’s GRU Unit 74455, continues active operations in support of the war in Ukraine, conducting intelligence collection, information operations, and leaking stolen data via Telegram. The actor uses a wide range of capabilities — credential phishing, mobile activity, malware, and exploitation of externally facing services — and has been observed exploiting Exim mail servers since at least 2019 to access victim networks, interact with accounts, send malicious emails, and support IO activity against government, defense, energy, transportation, education, and humanitarian sectors.