While cyberattacks on the IT infrastructure of Russian enterprises used to be sporadic, by 2025 the situation has become systemic. Experts in the field of information security increasingly describe cyber threats as a full-fledged component of hybrid warfare.
According to data from Jet Infosystems, over 260,000 attacked hosts—unique IP addresses—were recorded in the first half of 2025 alone. This translates to an average of 1,400 hosts attacked per day, with peak days seeing as many as 5,000. The most vulnerable sectors included:
- industrial enterprises,
- the telecommunications industry,
- and the banking sector.
Regional Disruptions and Military Significance
Long-lasting DDoS attacks have become more frequent. One such attack lasted an uninterrupted seven days. These types of attacks flood digital services with endless requests, overloading systems and cutting off user access.
On July 23, the Crimean Ministry of Internal Policy reported a large-scale DDoS attack targeting fixed-line telecom operators. Residents experienced disruptions in both internet and mobile connectivity. A similar situation occurred in Kherson Oblast, where trunk communication lines came under attack.
This points to a deliberate effort to cripple regional communications infrastructure—a move with critical implications in the context of ongoing military operations.
From Espionage to Infrastructure Destruction
According to experts at Solar 4RAYS, chaotic attacks of the past have given way to targeted strikes on infrastructure. New trends include:
- the collection of confidential information (cyber espionage),
- the analysis of backup systems,
- and the deliberate encryption or destruction of data and services.
These are no longer just disruptions—they aim to collapse the entire operational ecosystem of enterprises, including contractors, logistics, and supply chains.
One of the most dangerous developments has been the growing use of stealer malware—malicious tools designed to extract login credentials, access keys, and financial data. Over the past year, such attacks have doubled in frequency.
Cybercriminals are showing increasing interest in industrial control systems (SCADA)—the “brains” behind factory and infrastructure automation. They employ phishing and social engineering techniques to gain access to operator accounts. According to analyst Aleksey Kozlov (Spikatel), the number of industrial cyber incidents increased 2.5 times in 2024.
The sectors facing the most hacker activity include:
- the energy industry,
- the oil and gas sector,
- and mechanical engineering.
Today, cyberspace has become a full-fledged battlefield. Its defining feature is that attacks often remain invisible to the public—but their consequences can be devastating.
