Russian hackers are using cyberattacks to soften up Ukraine for more traditional military operations, a so-called hybrid war strategy, according to Microsoft.
Microsoft, on April 27,
released a report
detailing attacks by at least six Russian-aligned hacking groups starting just before Russia’s invasion of Ukraine in February. These six groups were responsible for 237 separate cyberattack operations, wrote Tom Burt, Microsoft’s corporate vice president for customer security and trust.
“Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations targeting services and institutions crucial for civilians,” Burt wrote.
The cyberattacks have focused on destroying Ukrainian infrastructure and are accompanied by espionage and intelligence activities, Burt added. “The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership,” he added.
Microsoft has also seen “limited” espionage attack activity against NATO members, the report said.
Burt expects the cyberattacks to escalate, possibly spilling outside Ukraine’s borders.
“Russian nation-state threat actors may be tasked to expand their destructive actions outside of Ukraine to retaliate against those countries that decide to provide more military assistance to Ukraine and take more punitive measures against the Russian government in response to the continued aggression,” he wrote. “We’ve observed Russian-aligned actors active in Ukraine show interest in or conduct operations against organizations in the Baltics and Turkey — all NATO member states actively providing political, humanitarian or military support to Ukraine.”
A day after Microsoft released the report, the FBI and Cybersecurity and Infrastructure Security Agency
updated
their Feb. 26 cybersecurity advisory on destructive malware being used against Ukrainian targets. The agencies updated indicators of compromise for the WhisperGate malware and the technical details for four other destructive malware packages.
So far, however, the scale of Russian cyberattacks has been lower than expected, said Chris Olson, CEO of
the Media Trust
, a digital security provider. The Microsoft report says that less than 20% of the Russia-aligned cyberattacks on Ukraine have been destructive, he noted.
“Based on past precedent, Russian cyberactors are more than capable of inflicting damage on critical infrastructure, disrupting supply chains and government communications,” he told the Washington Examiner. “To some, [the low number of destructive attacks] indicates that the country has elected for a more conservative cyberwarfare strategy focused on espionage and surveillance.”
Meanwhile, Russia hasn’t stepped up its cyberattacks against the U.S. and other Western nations, he added.
“It may be that Russia is biding its time, waiting to unleash its cyberoperations on the West depending on the outcome of its ongoing invasion,” Olson said. “Government and private organizations should certainly be prepared for the possibility, following CISA’s cyberadvisories for ongoing developments and preventative steps.”
While Russian hackers tried to paralyze Ukraine’s financial system, its media, its utilities, and other infrastructure, they have been largely unsuccessful, added Mykola Volkivskyi, a former adviser to the chairman of the Ukrainian Parliament. The hackers’ attempts to “completely shut down” Ukraine in the early days of the invasion met resistance, he told the Washington Examiner.
“I think it was American intelligence and American support that made it possible to break Russia’s plans on all counts — no effect was achieved, the Russians suffered disproportionate losses, and the Ukrainians mobilized more,” Volkivskyi said. “The role of hackers was very high, but in a competitive environment with American or British intelligence, Russians resemble schoolchildren who go out to play [at hacking].”
Still, U.S. government agencies and other organizations should be ready for Russian cyberattacks, he added. As the conflict in Ukraine goes on, Russian-aligned hackers could target U.S. or NATO assets, particularly if Russian President Vladimir Putin’s mental health deteriorates, he said.
Russian hacking groups are now focused on the supply chain for weapons coming from the West, media outlets, and banks, he said. The goal is to keep defenders “constantly in suspense.”
