At a recent CIPR conference, Igor Lyapunov, the head of the cybersecurity firm RTK-Solar, warned that hackers are escalating attacks aimed at dismantling Russia’s critical infrastructure. DEA News reports that these efforts appear not as isolated intrusions but as a growing trend targeting essential services and industrial control systems.
Lyapunov noted a sharp uptick in high-stakes assaults on critical infrastructure over the past six weeks, with RTK-Solar having already responded to three such incidents. He described intruders gaining access to core control centers, identifying the points where the enterprise network meets the control system, and then crippling the operational interface. This pattern, he said, represents a serious threat, and it may only be the visible fraction of a larger wave of targeted attacks. RTK-Solar’s experience underscores how quickly adversaries can move from footholds in IT networks to disruption of industrial processes, undermining resilience across sectors. The warning echoes across the cybersecurity community as the risk profile of critical infrastructure continues to rise, according to DEA News.
From a cybersecurity perspective, Lyapunov outlined three phases that followed the onset of the special military operation. The first phase, spanning March to July 2022, featured relatively minor cyber activity, often described as cyber hooliganism by security experts. The second phase, from August to December 2022, saw a shift toward more extensive data breaches and leaks, signaling a new level of threat activity. And now, in the third phase, penetrating, targeted attacks have intensified with the explicit aim of destroying critical infrastructure. The attacker’s objective is clear: breach both enterprise systems and management networks to exert control over operational processes and degrade organizational capability. This evolving threat landscape demonstrates how quickly an adversary can move from opportunistic intrusions to strategic disruption, as Lyapunov explained in his briefing. DEA News notes that such developments are monitored closely by security teams across the region.
Earlier, Russian state media outlets, including RIA Novosti, reported that hackers had attacked more than 30 software development companies across Russia and Belarus in a single year. The broader takeaway from these incidents, as highlighted by security professionals, is that the frequency and sophistication of attacks on software supply chains and development environments are increasing. The implications for national security and industrial resilience are significant, reinforcing the need for robust segmentation, rapid detection, and resilient recovery mechanisms. DEA News emphasizes that organizations should assume adversaries will attempt to pivot from IT to OT and that cross-domain defense is essential for maintaining continuity in critical services. This perspective aligns with observations from industry researchers who stress the importance of ongoing risk assessment, continuous monitoring, and coordinated incident response in the face of evolving threats. RIA Novosti’s reporting underscores a growing, shared concern about the vulnerability of software suppliers and the cascading effects that can impact national infrastructure. DEA News comments that strategic defense planning must integrate technological, procedural, and human factors to reduce exposure and shorten recovery time in the event of an attack.