Surge of activity: Russia is being attacked by a record number of hackers
In the first half of 2025, Russian government agencies and companies were attacked by 95 different hacker groups, which is almost 2.5 times more than a year earlier, according to information from cybersecurity companies. Two thirds of all attacks were directed at critical infrastructure facilities. According to experts, such a sharp increase is explained by the reduction in the cost of attacks due to the use of AI, the continued activity of pro-Ukrainian hacktivists and violations of the rules for the secure development of web resources and services.
Who is attacking Russian companies and why
Since the beginning of 2025, 95 groups have been detected carrying out hacker attacks on Russia, a record for the entire history of monitoring such activity, the press service of BI.ZONE, a digital risk management company, told Izvestia. According to InfoWatch, last year the number of groups attacking Russian government agencies and companies was almost 2.5 times smaller, about 40.
More than 60% of the groups are pro-Ukrainian hacktivists from Eastern Europe, who have become more active against their background. Among the most dangerous groups (leaders in successful hacking) in 2024 were CyberSec (and its ideologue BadB), Blackjack, Cyber Anarchy Squad, Cyber Legions, Dumpforums, HdrO, UHG, Cyber Resistance, and Cyber Partisans, said Andrey Arsentiev, head of InfoWatch analytics.
"It is important to understand that statistics can change, as a rule, for the better after previously unknown facts of attacks become public. It was possible to identify a group (or a single hacker) in 34% of cases," Arsentiev explained.
The statistics are confirmed by the integrator Cross Technologies: in 2025, there was a sharp increase in risks due to new forms of hacktivism that cause damage to both business and the state. At the same time, demand from large businesses for the services of white-hat hackers increased by 55% in the first five months of this year. This means that businesses are aware of the threats and are trying to find vulnerabilities in their systems in advance.
"Part of the global community has actually approved politically motivated attacks, they have become systemic," said Alexey Shcherbakov, Technical Director of the Lukomorye IT ecosystem (RTK IT Plus LLC). "Interestingly, DDoS attacks were primarily heard in 2022, and their number is growing today, although media attention has shifted from them to web shells (hidden malicious scripts embedded in web servers for unauthorized access to IT systems. — Ed.)."
According to him, hacker groups often become an instrument of external influence, because they can be controlled through information stuffing, seeking to activate hacker attacks on Russian structures at the right moment. In other words, the actions of hacktivists are used to form a trend towards Russophobia.
According to Nikita Nazarov, head of Kaspersky Lab's Advanced Threat Research Department, seven new and extremely dangerous groups appeared in 2025.
"Currently, 74 unique groups have been recorded carrying out cyber attacks on domestic organizations: more than a third of them appeared after 2022. All of them remain active to this day. This suggests that the cyber threat landscape is constantly becoming more complex, and not only the number of attacks is increasing, but also the number of groups of intruders targeting Russian companies. At the same time, in recent years we have seen a significant increase in hacktivist groups and complex targeted attacks," Kaspersky Lab noted.
It is important to remember that threats come not only from Europe, but also from other regions: the most active are East Asian groups, said Ivan Syukhin, head of the Solar 4RAYS investigation team. The number of incidents investigated by Solar experts in 2024 increased by 52% compared to 2023. More than 60% of them relate to the activities of pro-Ukrainian groups, the expert said. And in 2023, they accounted for about a quarter of all investigated attacks.
"Due to the tense geopolitical situation, new active pro-Ukrainian groups have appeared, some of them are breaking up and moving to others or forming new ones. It is precisely these groups that have become the main driver of the growth of attacks," he added.
Attacks have become the new normal
According to BI.ZONE, one third of the active groups use web shell technology. With their help, cybercriminals steal sensitive data and destroy infrastructure, while 86% of leaks are databases of users of web resources (sometimes clients of organizations and their orders).
In most cases, attacks are vulnerability scans by bots, says Mikhail Sergeev, lead engineer at CorpSoft24.
"We have seen an increase in groups engaged in cyberbullying," explains Phishman CEO Alexey Gorelkin. "This is due to the economy: it is easier for attackers to find financially motivated assistants in Russia. We also see a trend: the groupings are getting smaller, but their number is growing."
According to the expert, cases where one attack is attributed to different groups due to the spread of AI may distort statistics in favor of growth.
According to Igor Bederov, director of the cyber research department at T.Hunter, the records are caused by blurring the boundaries between enthusiastic hackers (the so-called hacktivists) and criminal cyber groups. In such conditions, point-to-point protection measures are outdated: platform solutions with anomaly analysis and automatic response are needed.
With the growing digitalization of the Russian Federation (especially in the public sector and fintech), its vulnerability becomes attractive to external attacks. Globally, hackers' interest in the Russian Federation is rather an interest in the country as a digital adversary, whose cyber defense is testing players from Eastern Europe and other regions, according to IT expert Yaroslav Meshalkin.
Yandex Browser has confirmed that hackers are hijacking Russian websites by posting fraudulent malware pages on them. The Solar Group added that the pro-Ukrainian attackers seek to harm the Russian Federation and its representatives, not disdaining extortion and monetization of their activities.
According to BI.ZONE, incorrect settings make more than 60% of servers and workstations vulnerable to cyber attacks. To reduce the risk of malicious scripts being introduced into web resources, it is necessary to limit Internet traffic during their development and testing and use modern security tools on all publicly available services.
As a result of massive cyber attacks, the authorities may introduce new laws on cybersecurity (for example, mandatory data encryption, system auditing), which will increase the burden on businesses. Also, against the background of these events, the introduction of AI monitoring systems, blockchain for data protection and other innovations will accelerate. As part of the challenge for the country's security system, it will be necessary to coordinate the efforts of the state and business, according to IT expert Sergey Pomortsev.
Translated by the Yandex Translate service