Microsoft Discloses True Scale Of Russian Cyberattacks On Ukraine

The scale of cyberattacks against Ukraine being carried out by Russian attackers is much greater than first thought.

At least that is according to a special report from Microsoft on Wednesday. The software giant said that it had observed at least six different Kremlin-backed hacking groups conducting nearly 240 cyberattacks against Ukrainian targets.

Ukraine had suffered a number of well documented cyberattacks in the weeks leading up to Russia’s illegal invasion, but the Microsoft data suggests that the sheer number of cyberattacks against the nation has been much greater than previously disclosed.

Russia attacks

Microsoft it seem has been working “with Ukrainian cybersecurity officials and private sector enterprises to defend against cyberattacks.”

Indeed it seems that Microsoft security teams have worked closely with Ukrainian government officials and cybersecurity staff at government organisations and private enterprises to identify and remediate threat activity against Ukrainian networks.

“Microsoft’s ongoing, daily engagement establishes that the cyber component of Russia’s assault on Ukraine has been destructive and relentless,” said Microsoft.

“The purpose of this report is to provide insights into the scope, scale, and methods of Russia’s use of cyber capabilities as part of the largescale “hybrid” war in Ukraine, to acknowledge the work of organisations in Ukraine defending against persistent adversaries, and to provide strategic recommendations to organisations worldwide.”

And Microsoft made clear that Russia was linking these cyberattacks with military operations on the ground.

“Throughout this conflict, we have observed Russian nation state cyber actors conducting intrusions in concert with kinetic military action,” said Microsoft. “At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea.”

“It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating,” it cautioned. “However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions.

And Microsoft said that destructive attacks have been a prominent component of Russian cyber operations during conflict.

“A day before the military invasion, operators associated with the GRU, Russia’s military intelligence service, launched destructive wiper attacks on hundreds of systems in Ukrainian government, IT, energy, and financial organisations,” noted Microsoft.

Microsoft said that since then, it has observed attempts to destroy, disrupt, or infiltrate networks of government agencies, and a wide range of critical infrastructure organisations, which Russian military forces have in some cases targeted with ground attacks and missile strikes.

The goal of these attacks was “not only degraded the functions of the targeted organisations but sought to disrupt citizens’ access to reliable information and critical life services, and to shake confidence in the country’s leadership.”

Microsoft said between 23 February and 8 April, it observed a total of 37 Russian destructive cyberattacks inside Ukraine.

Ukraine thanks

Victor Zhora, a top Ukrainian cybersecurity official, told Reuters on Wednesday that he continues to see Russian cyberattacks on local telecom companies and energy grid operators.

“I believe that they can organise more attacks on these sectors,” Zhora told reporters. “We shouldn’t underestimate Russian hackers but we probably should not over-estimate their potential.”

He thanked Microsoft, the US and multiple European allies for their cybersecurity support.

Ukraine has suffered cyberattacks from Russia for years now. The infamous malware Industroyer was used in 2016 by the Sandworm APT group to cut power in Ukraine.

Russia’s military intelligence agency, GRU, that had previously successfully executed similar attacks in 2014 and 2015.

In both of those incidents, some residents of Kyiv temporarily lost power.

The fact that Ukraine’s power and communications networks have by and large withstood cyberattacks and military action is a testament to how well Ukraine this time around has prepared its cyberdefences and hardened its communications and electrical networks.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

3 hours ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

3 hours ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

5 hours ago

French Music Service Deezer Slumps On Market Debut

Spotify and Apple Music competitor Deezer falls below opening price after long-delayed IPO in Paris…

6 hours ago

Foxconn Expects Stronger Sales In Spite Of Economic Gloom

iPhone manufacturer Foxconn revises full-year expectations upward amidst strong consumer and data centre demand, bucking…

7 hours ago

Samsung ‘To See Profits Jump’ On Data Centre Demand

Industry analysts expect Samsung's profits to jump 15 percent for the second quarter as strong…

7 hours ago