According to Microsoft’s report, the cyber and military attacks together have aimed to “degrade or disrupt” Ukraine’s government and military.
Russian Hackers Conducted 237 Operations Against Ukrainian Targets
At the outset of the invasion, many pundits expressed surprise at the low number of disruptive or devastating cyberattacks from Russian threat actors. In the weeks since, however, Microsoft has provided a more extensive look at Russian cyber operations in Ukraine than ever before. Microsoft found that at least six Russian state-linked hacking groups had targets similar to those of the Russian military. It is currently unclear whether the two are actively coordinating or working independently on a common set of targets. However, it is likely that Russia wants to undermine Ukraine’s political will and cripple its resistance through a highly synchronized effort. “Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations,” Microsoft vice president Tom Burt said. Microsoft has worked with Ukrainian cybersecurity officials and private sector organizations to defend against cyberattacks. Its report provides a detailed analysis of Russian cyber operations during the first month of its invasion of Ukraine.
Over 40% of Destructive Attacks Aimed at Critical Infrastructure
Microsoft added that Russian cyberattacks have “had an impact in terms of technical disruption of services and causing a chaotic information environment.” However, it has not been able to determine the larger strategic impact so far. On the positive side, its report provides crucial information about Russian attacks and targets. By and large, national government entities were targeted, while IT services, the energy sector, media and communications outlets, and nuclear facilities also found themselves in the crosshairs. Below are some insightful points from the report:
Organizations in critical infrastructure sectors were targets of over 40% of the destructive attacks. Any harm to these entities could have “negative second-order effects on the government, military, economy, and people.”
Ukrainian government organizations (national, regional, and city-level) were targets of 32% of destructive incidents.
With each wave of malware deployment, the threat actors slightly modified the malware to evade detection.
Microsoft estimates there have been “at least eight destructive malware families deployed on Ukrainian networks, including one tailored to industrial control systems (ICS).”
Microsoft believes that the threat actors will deploy more destructive malware if they manage to maintain their existing levels of productivity.
Statement from Senior Ukraine Government Official
Speaking on the correlation between the Russian military and cyber warfare, Victor Zhora, a senior Ukrainian government cyber official, said it is more prevalent in attacks on telecom infrastructure in some sectors. “Ukraine was, unfortunately, kind of a playground for cyber weapons over the last eight years,” Zhora commented. “And now we see that some technologies that were tested or some of attacks that were organized on Ukrainian infrastructure continue in other states,” he added. Zhora also spoke about the dangers posed by Russian hackers and the resilience of Ukrainian network defenders. “They continue to threaten democracies, threaten Ukrainian cyberspace. Nevertheless, I don’t think they can scale their cyber warriors or they can use some completely new technologies that can attack Ukrainian infrastructure,” Zhora said. Russia continues to wage an information war alongside its military and cyber operations in Ukraine. Over the last few weeks, the country has taken a series of measures that severely restrict access to uncensored information.