By Staff Writer.
Tech giant Microsoft has released a report detailing the extent of Russian State and Russian backed cyber-attacks on Ukrainian networks and infrastructure. Released on Wednesday, the report says at least six separate Russia-aligned nation-state actors have launched more than 237 operations against Ukraine since just before the late February invasion.
Microsoft says that they’ve watched Russian nation state cyber actors conducting intrusions in concert with kinetic military action throughout the conflict. Microsoft adds that many of the cyber-attacks aren’t just about shutting down IT networks or infrastructure. Instead, they are out to cause maximum destruction.
“More than 40% of the destructive attacks were aimed at organisations in critical infrastructure sectors that could have negative second-order effects on the government, military, economy, and people,” the report says. “Thirty-two percent of destructive incidents affected Ukrainian government organisations at the national, regional, and city levels.”
In one analysis spanning six weeks between February 23 and April 8, Microsoft recorded 37 destructive cyber-attacks using a variety of malware, including FoxBlade, DesertBlade, CaddyWiper, Industroyer2, and the malicious use of SecureDelete utility.
The report says Russia-aligned threat groups started pre-positioning for conflict as early as March 2021. The threat groups sought to secure continued access for strategic and battlefield intelligence collection or to facilitate future destructive attacks.
In early 2022, as diplomats sought to defuse escalating tensions, those same threat actors began launching destructive wiper malware attacks against Ukrainian organisations with increasing intensity, signalling that Russian actions in Ukraine had entered a destructive phase.
“When Russian troops first started to move toward the border with Ukraine, we saw efforts to gain initial access to targets that could provide intelligence on Ukraine’s military and foreign partnerships,” the report notes. “By mid-2021, Russian actors were targeting supply chain vendors in Ukraine and abroad to secure further access not only to systems in Ukraine but also NATO member states.”
Since the February 24 invasion, Microsoft has seen Russian cyber threat groups working in concert with Russia’s military’s strategic and tactical objectives. Microsoft says their analysis reveals a timeline where military and cyber-action work in tandem.
In the six weeks since the invasion, Microsoft has identified at least eight occasions where this had occurred, including on March 11, when Russian airstrikes on government buildings in Dnipro coincided with a destructive malware attack targeting Dnipro government agencies.
“Analysis of Microsoft signals with open-source kinetic attack data shows high concentrations of malicious network activity frequently overlapped with high-intensity fighting during the first six-plus weeks of the invasion,” says the report.
Microsoft doesn’t see Russian State and Russian back cyber-attacks abating anytime soon. Instead, Microsoft suggests that Russian cyber-activity may expand, targeting countries and organisations pushing back against Russia and providing assistance to Ukraine. The tech giant has already noted malicious cyber activity traced to Russian-aligned actors active in Ukraine against the Baltic States and Turkey after they came out against the invasion.
Coinciding with Microsoft’s belief that these cyber-attacks will likely spread further afield, a high-level joint cybersecurity alert recently issued by the Five Eyes cybersecurity agencies highlighted the same impending threat.