In 2022 Russia found itself at the epicenter of a sustained wave of cyber attacks, a status that persisted into the years that followed. Dmitry Galov, head of Kaspersky GReAT in Russia, described the situation in a major interview, stating that the country had become the most attacked on the planet and that the trend had continued. This view is echoed by security researchers who monitor digital threats and by industry briefings that highlight the persistent nature of cyber aggression tied to broader geopolitical tensions. The takeaway is that Russia has faced a higher volume of intrusions, fraud attempts, and disruptive campaigns since the 2022 crisis began, and the pattern shows no signs of abating.
Following the February 2022 events, dozens of hacker groups and hacktivist collectives redirected their efforts toward Russian organizations as well as ordinary users. The shift reflected a broader surge in cyber activity aimed at undermining confidence in institutions, disrupting services, and exploiting the information needs created by geopolitical tension. The landscape became more crowded, as both state-aligned and independent actors explored new ways to achieve strategic goals in cyberspace.
The most common threats cited during this period included phishing campaigns, with a notable focus on Telegram users, alongside pervasive phone scams and social engineering techniques. Malware remained a key tool for harvesting credentials, stealing money, and compromising devices at scale. Although attackers varied their methods, the underlying pattern stayed clear: fraud and data theft were frequent, and users faced an increasingly sophisticated set of attack vectors tailored to their online habits and communication channels.
Experts noted that attackers did not stop refining their techniques. They continuously evolved their playbooks, mixing social engineering with technical exploits, expanding the reach and impact of their campaigns, and prioritizing more efficient means to bypass defenses. This iterative improvement meant that defensive measures needed to adapt as quickly as the threats themselves, with multilayered security and user awareness serving as essential components of resilience.
A notable shift involved attacks on suppliers and service providers. By compromising a third party that has access to a target network, attackers could reach multiple client networks indirectly. This supply chain approach dramatically increased the potential attack surface and underscored the importance of vetting partners, monitoring vendor activity, and segmenting networks to limit the spread of intrusions. In corporate incidents, attackers increasingly used utilities to tunnel traffic, enabling them to slip into closed parts of networks and move laterally to access sensitive resources. The tactic underscored how legitimate tools, when misused, can become effective weapons in a cyber assault.
Data cited in Izvestia, drawing on Irina Zinovkina of Positive Technologies, show a fluctuating but persistent breach pattern. The recorded number of successful attacks on Russian organizations rose to about 220 in 2022, declined to 167 in 2023, and then climbed to 217 in 2024. These figures illustrate a volatile yet ongoing threat environment where breaches remain a routine concern for enterprises and public institutions alike, reinforcing the need for continuous monitoring, rapid incident response, and strong security governance.
Media coverage in recent years has increasingly highlighted fraudulent schemes aimed at deceiving Russians and siphoning money from bank accounts. Official channels report that information technologies underpin more than a third of all crimes in the country, with cybercrime showing a clear upward trajectory. The reporting also explored common schemes and practical defenses, emphasizing basic hygiene like strong authentication, careful handling of links and messages, and ongoing education to reduce susceptibility to fraud.
Earlier reports also mentioned troubling online behavior involving inappropriate communications with minors. Such incidents reveal how online environments can be misused in ways that endanger vulnerable groups, underscoring the broader imperative for safety, awareness, and responsible use of digital tools. The overarching message from cybersecurity observers is clear: persistent threats require vigilant defense, robust technical controls, and informed users who understand how to recognize and respond to evolving attack patterns.