Publication date:
Publication from:
The State Service of Special Communications and Information Protection of Ukraine (SSSCIP) has published a new analytical report for the first half of 2025, which records an increase in the scale and sophistication of cyberattacks. Cyberspace remains one of the key areas of hybrid aggression, and cyberattacks are increasingly coordinated with missile and drone strikes.
A total of 3,018 cyber incidents were recorded in the first half of 2025, representing a 17% increase compared to H2 2024. There was a rise in medium-criticality attacks, while the number of critical and high-level incidents decreased due to the strengthening of cyber defence systems.
The primary targets remain local government bodies (34%), the security and defence sector (23%), and government organisations (19%). The most common types of incidents include phishing (27%), malware infection (21%), and account compromise (5.4%).
Hacker groups linked to the GRU of the General Staff of the Armed Forces of the Russian Federation are actively using Zero-Click vulnerabilities, which allow systems to be infected without user interaction. Malicious actors are exploiting email platforms such as Roundcube and Zimbra, and distributing malicious files via legitimate services like Dropbox, Google Drive, and Cloudflare. CERT-UA has also recorded the use of Artificial Intelligence (AI) to create phishing messages and malware, signalling a new level of technological sophistication in threats.
Despite the growing intensity of attacks, the overall level of cyber resilience across state and private organisations has significantly increased. This has been made possible thanks to new legislative initiatives, particularly Law of Ukraine No. 4336, which provides for the creation of regional and sectoral CSIRT (Computer Security Incident Response Team) teams and the transformation of CERT-UA into a national CSIRT.
Ukrainians face the most attacks in the world today. That’s why the Ukrainian IT sector is currently not only defending itself but also transforming, gaining unique experience in countering cyber aggression and implementing it into advanced security products. Organisational cyber defence starts with people. In a world where technology and Artificial Intelligence are developing at an incredible pace, the best investment is first and foremost to teach people to understand these technologies and use them safely
adds Yehor Aushev, CEO at Cyber Unit Technologies, Co-Founder at Cyber School Ukraine, and a member of the CyberTech Committee and of Board of Representatives of the IT Ukraine Association
CERT-UA forecasts a continued rise in the level of cyber threats in the second half of 2025 (H2 2025), particularly due to the intensification of attacks on energy, telecommunications, and state administration facilities. Simultaneously, increased effectiveness in incident response and the development of the national cyber infrastructure create the foundation for strengthening Ukraine’s cyber resilience at a strategic level.
Click here to download the report and find out the details.
