Russian Government Hackers Target Ukraine’s Allies

Russia spy - Shutterstock - © gubh83

Microsoft’s President Brad Smith warns Russian government is conducting cyber spy operations on countries allied to Ukraine

Microsoft published a new report on Wednesday that revealed the early lessons learned from the cyber war being waged by Russia, alongside its illegal invasion of Ukraine.

The report entitled “Defending Ukraine: Early Lessons from the Cyber War”, revealed that besides unleashing cyber warfare on Ukraine, Russian government hackers have also conducted multiple cyber spy operations against countries allied with Ukraine.

Russia’s actions this year have resulted in Microsoft a few weeks ago further reducing its its already suspended business operation in Russia, letting go 400 staff in the process. Microsoft, like many other technology firms, had already suspended new sales in Russia.

In this image from video provided by the Ukrainian Presidential Press Office and posted on Facebook early Tuesday, March 15, 2022, Ukrainian President Volodymyr Zelenskyy speaks in Kyiv, Ukraine. (credit AP)

Russian invasion

Russia’s invasion of Ukraine on 24 February has of course triggered worldwide condemnation, as well as punishing and wide ranging sanctions that will impact the Russian economy for years to come.

Prior to its invasion, Russia engaged in its usual practice of hybrid or asymmetric warfare, and was accused of launching an assortment of cyberattacks to destabilise communications and spread confusion whilst its troops invaded the region.

Microsoft concluded in April this year, that Russia’s cyberattacks against Ukraine were much greater than first thought.

This conclusion has been supported by senior US cyber officials and many security experts.

First shots

Now Brad Smith, Microsoft’s president and vice chairman, in a blog post, provided further insight to Russia’s cyber aggression of late.

He began by pointing out it was discovered years later Nazi Germany’s pretext of putting SS troops in Polish uniforms, in order to stage an attack against a German radio station, so as to justify the start of the second world war.

“The war in Ukraine follows this pattern,” wrote Smith. “The Russian military poured across the Ukrainian border on 24 February 2022, with a combination of troops, tanks, aircraft, and cruise missiles.”

“But the first shots were in fact fired hours before when the calendar still said 23 February,” wrote Smith. “They involved a cyberweapon called ‘Foxblade’ that was launched against computers in Ukraine. Reflecting the technology of our time, those among the first to observe the attack were half a world away, working in the United States in Redmond, Washington.”

“The Russian invasion relies in part on a cyber strategy that includes at least three distinct and sometimes coordinated efforts – destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world,” wrote Smith.

“This report provides an update and analysis on each of these areas and the coordination among them,” Smith added. “It also offers ideas about how to better counter these threats in this war and beyond, with new opportunities for governments and the private sector to work better together.”

Early lessons

He said Russia’s war extends far beyond Ukraine and “pits Russia, a major cyber-power, not just against an alliance of countries. The cyber defense of Ukraine relies critically on a coalition of countries, companies, and NGOs.”

The Microsoft report warns that Ukraine allies are being targetted, and reaches five conclusions from the war’s first four months. These are:

  • First, defense against a military invasion now requires for most countries the ability to disburse and distribute digital operations and data assets across borders and into other countries.
  • Second, recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.
  • Third, as a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.
  • Fourth, in coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts.
  • Finally, the lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.

Allies targetted

Microsoft said it had detected Russian network intrusion efforts on 128 organisations in 42 countries outside Ukraine.

“The target appeared to be mostly governments, although also included think tanks, humanitarian groups, and critical infrastructure providers,” the report said.

Microsoft said the hacking against allies was successful about 29 percent of the time and in some cases led to data being stolen.

While the United States has been Russia’s number one target, this activity has also prioritised Poland, where much of the logistical delivery of military and humanitarian assistance is being coordinated.

Russia has also targeted Baltic countries, and “during the past two months there has been an increase in similar activity targeting computer networks in Denmark, Norway, Finland, Sweden, and Turkey.”

Microsoft also said it has seen an increase in similar activity targeting the foreign ministries of other NATO countries.