A handful of hackers linked to the Russian government have carried out hundreds of cyberattacks against Ukraine since the invasion last February, US tech giant Microsoft said in a report released last Wednesday.
She added that in “hybrid” warfare tactics, Russia often matches cyber-attacks with military attacks on the battlefield. “Just before the invasion, we saw at least six Russian – sponsored cyber players commit more than 237 operations against Ukraine,” Microsoft said.
“The attacks not only degraded the institutions in Ukraine, but also sought to disrupt people’s access to reliable information and critical life services on which citizens depend, and sought to undermine trust in the country’s leadership. We have also seen limited espionage attacks against other NATO member states, and some disinformation activity. ”
As the report details, Russia’s use of cyberattacks appears to be strongly correlated and often directly linked to its kinetic military operations targeting vital civilian services and institutions.
For example, a Russian cyber player launched cyber attacks against a major broadcasting company on March 1, the same day that the Russian military announced its intention to destroy Ukrainian “disinformation” targets and launched a missile attack against a TV tower in Kiev.
On March 13, during the third week of the invasion, another Russian cyber player stole data from a nuclear safety organization, weeks after Russian military units began occupying nuclear power plants, raising concerns about radiation exposure and catastrophic accidents.
While Russian forces surrounded the city of Mariupol, the Ukrainians began to receive an email from a Russian actor impersonating a resident of Mariupol, falsely accusing the Ukrainian government of “abandoning” Ukrainian citizens.
“The devastating attacks we observed – close to 40, targeting hundreds of systems – were of particular concern: 32% of the devastating attacks were directed at Ukrainian government organizations at the national, regional and municipal levels,” the report said.
‘More than 40% of destructive attacks have been directed against organizations in critical infrastructure sectors that may have second-order negative effects on government, the military, the economy and civilians.
“Players involved in these attacks use a variety of techniques to gain initial access to their targets, including phishing, vulnerability use and vulnerability in IT service providers. These players often modify their malware with each deployment to evade detection.”