Russian allied and backed groups increased their phishing campaigns against users in NATO countries by more than 300 percent in 2022 versus 2022, likely to learn more about activities inside the alliance, says a new report by the information security company Mandiant.

The attempts to penetrate NATO countries ran parallel to a 250 percent increase in Russian government-backed phishing campaigns against users in Ukraine, says the report, Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape. Mandiant is part of Google [GOOG].

The report says that Mandiant aided the Ukrainian military, government and critical infrastructure by disrupting the phishing campaigns.

Still, Russia has found ways to be successful.

“Russian Armed Forces Maine Directorate of the General Staff-sponsored actors have used destructive malware to disrupt and degrade Ukraine’s government and military capabilities,” the 27-page report says. “In parallel, we’ve seen similar attacks on civilian infrastructure in an attempt to undermine the public’s trust in the government’s ability to deliver basic services. We observed more destructive cyberattacks in Ukraine during the first four months of 2022 than in the previous eight years with a notal spike in activity at the start of the invasion.”

There has been little “spillover” outside of Ukraine, the report says. With Russia’s invasion of Ukraine a year ago, a wave of attacks against critical infrastructure targets outside of Ukraine had been expected but never materialized, it says.

There has been “a notable shift in the Eastern European cybercriminal ecosystem” with long-term implications, Mandiant says. Some of these groups have split over political allegiances and others have lost operators, it says.