Solar Blocks 1.6 Billion Malicious Requests Targeting Russian Students During EGE-2025

The Solar Group of Companies has reported an increase in malicious resources targeting school students during the Unified State Exam (USE). From May 23 to June 23, 2025, the number of these resources rose by 30% compared to the same timeframe in 2024.

This analysis was conducted based on traffic filtering data from the Unified Data Transmission Network (UDTN), which operates in all schools, colleges, technical schools, and lyceums across Russia. The web security system connected to the UDTN blocked access to 1.6 billion harmful websites. This data pertains to schools in eight federal districts.

The Central Federal District led in the number of blocked access attempts, totaling 620.5 million. Siberia followed with 197.6 million, the Volga region with 180.5 million, the Ural region with 120 million, the Far East with 117.6 million, and the Northwest Federal District with 85 million. Both the Southern and North Caucasian districts combined saw a total of 213.6 million blocked attempts.

The Solar 4RAYS Cyber Threat Research Center reported that in the first quarter of 2025, cyberattacks on educational institutions surged by 218% compared to the same period in 2024.

A survey conducted by the Mikhailov & Partners Analytical Agency alongside the Solar Group revealed that 56% of children encountered forbidden content online, and 76% shared what they saw with others. Additionally, 48% of children were unaware of what cybersecurity is.

Experts analyzed requests from personal devices connected to school Wi-Fi, including those using VPNs, as well as computers operating through the UDTN. Some requests also originated from mobile applications. Across all districts, spyware topped the list of traffic volume. Social media, advertisements, online casinos, phishing sites, and 18+ content also contributed significantly to the traffic.

Children are increasingly utilizing VPNs and anonymous proxies, which are becoming channels for installing malware and stealing data. Through these means, students gain access to resources banned in Russia, such as YouTube, Instagram, TikTok, Discord, and others.

To promote these resources, cybercriminals employ AI and deceptive advertising messages, as well as search result poisoning techniques and malvertising. Personal devices and school computers are under threat, with access potentially granted by clicking on ads or launching games.

Oleg Denisienko, the Director of the Center for Information and Telecommunications Technologies and Information Security at the Federal State Autonomous Scientific Institution «Federal Institute of Digital Transformation in Education» (FGANU «FITOE»), expressed serious concern over the rise in malicious resources. He noted that criminals are actively using AI and exploiting adolescents’ psychological traits, stating that traditional protective measures are losing their effectiveness.

Denisienko also emphasized the importance of digital literacy for students, parents, and educators. He believes that protection necessitates a comprehensive approach involving technology, education, and regulation.

Anastasia Khveshenik, the Product Manager of Solar webProxy, reported a record level of threats during the USE period. She indicated that cybercriminals attempted to disrupt the exams. Khveshenik advised implementing lessons on cyber literacy and installing antivirus software and network filters.

The UDTN was established by PJSC «Rostelecom» as part of the national project «Digital Economy.» The network employs encryption and operates via secure channels, with nodes located in administrative centers across the Russian Federation.