Microsoft Discloses True Scale Of Russian Cyberattacks On Ukraine


Russian cyberattacks on Ukraine have been extensive and linked with its military operations, Microsoft reveals for the first time

The scale of cyberattacks against Ukraine being carried out by Russian attackers is much greater than first thought.

At least that is according to a special report from Microsoft on Wednesday. The software giant said that it had observed at least six different Kremlin-backed hacking groups conducting nearly 240 cyberattacks against Ukrainian targets.

Ukraine had suffered a number of well-documented cyberattacks in the weeks leading up to Russia’s illegal invasion, but the Microsoft data suggests that the sheer number of cyberattacks against the nation has been much greater than previously disclosed.


Russia attacks

Microsoft, it seems, has been working “with Ukrainian cybersecurity officials and private sector enterprises to defend against cyberattacks.”

Indeed it seems that Microsoft security teams have worked closely with Ukrainian government officials and cybersecurity staff at government organisations and private enterprises to identify and remediate threat activity against Ukrainian networks.

“Microsoft’s ongoing, daily engagement establishes that the cyber component of Russia’s assault on Ukraine has been destructive and relentless,” said Microsoft.

“The purpose of this report is to provide insights into the scope, scale, and methods of Russia’s use of cyber capabilities as part of the large-scale ‘hybrid’ war in Ukraine, to acknowledge the work of organisations in Ukraine defending against persistent adversaries, and to provide strategic recommendations to organisations worldwide.”

And Microsoft made clear that Russia was linking these cyberattacks with military operations on the ground.

“Throughout this conflict, we have observed Russian nation state cyber actors conducting intrusions in concert with kinetic military action,” said Microsoft. “At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea.”

“It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating,” it cautioned. “However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions.”

And Microsoft said that destructive attacks have been a prominent component of Russian cyber operations during the conflict.

“A day before the military invasion, operators associated with the GRU, Russia’s military intelligence service, launched destructive wiper attacks on hundreds of systems in Ukrainian government, IT, energy, and financial organisations,” noted Microsoft.

Microsoft said that since then, it has observed attempts to destroy, disrupt, or infiltrate networks of government agencies, and a wide range of critical infrastructure organisations, which Russian military forces have in some cases targeted with ground attacks and missile strikes.

These attacks have “not only degraded the functions of the targeted organisations but sought to disrupt citizens’ access to reliable information and critical life services, and to shake confidence in the country’s leadership.”

Microsoft said that between 23 February and 8 April it observed a total of 37 Russian destructive cyberattacks inside Ukraine.

Ukraine thanks

Victor Zhora, a top Ukrainian cybersecurity official, told Reuters on Wednesday that he continues to see Russian cyberattacks on local telecom companies and energy grid operators.

“I believe that they can organise more attacks on these sectors,” Zhora told reporters. “We shouldn’t underestimate Russian hackers but we probably should not over-estimate their potential.”

He thanked Microsoft, the US and multiple European allies for their cybersecurity support.

Ukraine has suffered cyberattacks from Russia for years now. The infamous malware Industroyer was used in 2016 by the Sandworm APT group to cut power in Ukraine.

Russia’s military intelligence agency, the GRU, had previously successfully executed similar attacks in 2014 and 2015.

In both of those incidents, some residents of Kyiv temporarily lost power.

The fact that Ukraine’s power and communications networks have by and large withstood cyberattacks and military action is a testament to how well Ukraine has, this time around, prepared its cyberdefences and hardened its communications and electrical networks.