Experts have recorded a sharp increase in cyber attacks in March

In March 2025, a significant increase in the number of requests related to the spread of malicious software (VPO) was recorded on the Runet, according to the data from the .RU/ Domain Coordination Center.The Russian Federation, which was reviewed by Izvestia on April 21.

Within the framework of the Domain Patrol project, in March, competent organizations sent 1141 appeals to registrars about the fact of the distribution of VPO in domain zones.RU and .RF. This is 2.5 times higher than in February, when 462 such appeals were recorded.

Letters of the law: fraudsters began to use schemes with lawsuits

Users are being threatened with legal problems for further deception

The increase in the spread of VPO can also be traced in quarterly dynamics: according to the results of the first quarter of 2025, the number of appeals increased 2.7 times compared to the same period last year — 2022 versus 737 appeals, respectively.

According to experts, VPO is increasingly becoming an integral element in the structure of phishing attacks. Phishing allows you to gain access to user or company accounts, and then compromised systems are infected with malware, which allows you to both directly steal funds and use already compromised accounts for further phishing mailings.

Fraudulent schemes are becoming more sophisticated: attackers can contact the victim's contacts with a request for money transfer or other "assistance." Special attention is drawn to the growing activity of the well-known hacker group Void Balaur. She specializes in targeted attacks on companies, public figures, and individual users. The group uses malware to remotely access devices, collect correspondence, audio and video data, documents, passwords and other confidential information, and track movements. Subsequently, the information can be used for blackmail, compromise, or sale on shadow markets.

As noted by Evgeny Pankov, a data analyst at the Domain Coordination Center, malware acts as a tool for infection and subsequent scaling of the attack.

"The beginning of this year demonstrates a steady trend towards an increase in activity related to malicious software. Given the current dynamics, it can be assumed that attacks using military hardware will continue to grow," he added.

Earlier, on April 10, StormWall told Izvestia that the largest number of DDoS attacks occurred in the telecommunications sector. According to the study, in the first quarter of 2025, an increase in the number of attacks was recorded by 71% compared to the same period last year. The financial sector has seen a 36 percent increase in cyber attacks. At the beginning of the year, customers of several large banks had difficulty accessing mobile applications due to powerful DDoS attacks.