Belarusian Organizations Under Attack: From BelTA to Grodno

A study of current cyber threats in the CIS countries for 2023 and the first half of 2024 found that Belarus ranks third among the countries of the Commonwealth by number of cyber attacks, accounting for 7% of all attacks. The main threats to Belarusian companies are cyberespionage groups and hacktivist communities.

According to analysis conducted by Positive Technologies, the organizations in Belarus most frequently targeted by cyber attacks are state institutions (22%), industrial enterprises (14%), financial companies (11%), and organizations in the fields of science and education (8%). Malicious software was used in 76% of cases. The general statistics for the CIS region indicate that spyware (41%) and remote access tools (37%) are the most commonly employed. Additionally, 22% of incidents involved ransomware, with 88% motivated by financial gain, resulting in ransom amounts ranging from hundreds of thousands to several hundred million rubles.

Between 2023 and 2024, cyberespionage groups accounted for 18% of successful attacks on CIS countries. Notable groups posing a significant threat to Belarus include XDSpy, Lazy Koala, and Sticky Werewolf. Sticky Werewolf, for instance, targets state institutions, industrial enterprises, telecommunication companies, and organizations in science and education through phishing emails containing malicious attachments disguised as official documents. The group constantly updates its tools, introducing the MetaStealer infostealer in 2023 and adding Glory and Rhadamanthys in 2024.

Hacktivists are another major threat to Belarusian organizations, accounting for 26% of all cyber attacks on CIS countries. In late 2023, the Cyberpartisans hacktivist group claimed responsibility for hacking the BelTA State Agency and stealing 90 GB of confidential information, including personal employee data. The group also disrupted the operations of the country’s largest fertilizer producer, “Grodno Azot,” in April 2024.

Social engineering remains a prevalent attack method for Belarusian companies, employed in 68% of cases. Attackers often exploit topics like tax payments to deceive individuals into sharing personal, accounting, or banking information. In August 2023, the Ministry of Taxes and Levies of the Republic of Belarus issued a warning about scammers impersonating the department to extract passport data under the guise of conducting checks.
