Russia/Ukraine Conflict

Threat Intelligence Alert

Please find below an advisory regarding the current situation in Ukraine. The Alert is a high-level response to the situation as it develops and will help inform clients of the steps NCC Group is taking to proactively mitigate the threat to them.


28/02/2022 – Context updated to cover new sanctions and increasing threat from opportunist criminal groups.

25/02/2022 – MITRE TTPs updated to include HermeticWiper

24/02/2022 - Threat Intelligence Alert: Russia/Ukraine Conflict

  • Context – Developments leading to deployment of Russian troops into Ukraine
  • Tools – HermeticWiper and CyclopsBlink
  • MITRE ATT&CK Mapping updated

21/01/2022 – Threat Intelligence Alert: Russia/Ukraine Tensions

  • Context – Rising tensions
  • Details of tools, vulnerabilities and MITRE ATT&CK Mapping for TTPs known to be used by Russian Threat Actors.


Download the threat Intelligence Alert


“At 03:00 UTC, Russia launched an attack, dubbed a ‘special military operation’, against Ukraine. This attack was preceded by a series of cyber-attacks against organisations across Ukraine.

NCC Group has been closely monitoring the situation in Ukraine over the last couple of weeks and we previously issued a threat alert based on cyber related activities that were believed to have been conducted by Russian groups.

In light of the events in the last 24 hours, the following update to that alert is being made available to you. NCC Group are conducting threat hunting activities which are directly associated with the current campaign against Ukraine, and we are monitoring for any changes in cyber campaign against Ukraine, and anything that could impact organisations globally."


If you believe you are under cyber-attack and require emergency assistance, please call +44 161 209 5148 or email