At least six Russian government-linked hackers have carried out hundreds of cyberattacks in Ukraine since Russia invaded it in February, including dozens of attacks designed to destroy computer systems, according to a new Microsoft study.
Moscow’s hacking activity amounts to a relentless campaign of disruptive and destructive activities, which are sometimes coordinated tactically with military maneuvers in the field, in addition to traditional cyber espionage, Microsoft said. Although many attacks were successful, Ukraine’s cyber defenses managed to fend off others, and in the meantime Ukraine has in most cases managed to evade cyber disruption across the country or damage critical systems, something many in the West feared at the beginning of the fighting that might happen.
“The attacks not only harmed the systems of institutions in Ukraine but also sought to disrupt people’s access to reliable information and vital life services, and sought to undermine trust in the country’s leadership,” said Tom Brett, Microsoft’s vice president of consumer security and trust, in a research blog post.
“It would be a mistake not to assess their potential”
In a briefing with reporters on Wednesday, Victor Jura, Ukraine’s deputy director of the cyber agency, said he thought Russia had exercised its full offensive cyber capabilities against Ukraine as the war continued and was not expected to launch cyber weapons that were unexpected or “brand new”.
“They pose a serious threat. It would be a mistake not to assess their potential,” Jura said. “But at the same time … I guess we’re totally capable of resisting, in cyber warfare and war in general.”
Russia-backed hackers have been “improving attitudes toward the conflict” since March 2021, Brett said, apparently out of a desire to gain wider access to Ukrainian networks that could be leveraged during the war. By mid-2021, some hackers were trying to harm supply chain suppliers in Ukraine and elsewhere “to ensure further access not only to systems in Ukraine but also to NATO member countries,” Brett said. Supply chain suppliers are companies that sell software or other widely used software By third-party companies, making them coveted targets for hackers.
The Russian embassy in Washington did not immediately respond to a request for comment. Moscow routinely denies allegations of cyberattacks against other countries and has said it has been a recent victim of cyberattacks carried out by Western countries.
“Before that it was more elephant-style stuff in a china shop”
Microsoft’s new findings, released on Wednesday, largely support what cyber security experts, big tech companies and Western intelligence officials have noticed so far: while large-scale attacks have not happened so far, Russian hackers have been very active in the conflict in Ukraine. To support the military effort.
Some of the attacks were cumbersome and only led to harassment, such as slowing down the Internet or dropping it for a short time, corrupting websites and destroying files on a limited number of computers. Others achieved a little more and employed Ukraine’s cyber defense forces. More recently, as Russia’s strategic target was shifted to eastern Ukraine, new and more disturbing attacks were discovered against the country’s energy sector.
Hackers have been trying to hit the Ukrainian government and vital infrastructure since the start of the war, but in the past three weeks researchers at Cisco Systems have seen a gradual increase in sophisticated attacks by those who appear to be more experienced hackers, said Matt Olney, intelligence director at Cisco. “Before that it was more elephant-style stuff in a china shop,” he said. “Today it’s more like a sophisticated theft of artwork.”
In some cases, Russia’s cyber attacks appeared to be strongly and sometimes directly linked to military activity on the ground, Brett said. He cited as an example the cyber attacks directed against a major broadcasting company, Ukrtelecom, on March 1, the day Russian forces attacked a TV tower missile in Kiev. In another example, a group of independent Russian hackers stole data from a nuclear safety organization in mid-March a few weeks after Russia took over nuclear power plants, Microsoft said.
Efforts to make the war hybrid were also seen in the distorted information space. When Mariupol suffered an ongoing siege by Russian forces, there were Ukrainians who received an email from a group of Russian hackers pretending to be residents of the city accusing the Ukrainian government of abandoning its residents, Microsoft said.
Contrary to the confidence expressed by the Ukrainian government’s government, US and Western intelligence officials say they fear Russia has far more harmful resources and capabilities to attack Ukraine than it has done so far. The campaign to launch cyber attacks against vital infrastructure that could have severely damaged the fabric of life in Ukraine.
Microsoft said it had spotted nearly 40 destructive cyber attacks in Ukraine against hundreds of systems. Of these, about a third were aimed at Ukrainian government entities at the national, provincial and city levels, and more than 40 percent of the attacks were directed at vital infrastructure areas that could have a repercussions on Ukraine’s government, military, economy and population, Microsoft said.
Robert McMillan participated in the preparation of the article.