At least six different Kremlin-affiliated hacking groups have conducted nearly 240 cyber operations against Ukrainian targets, Microsoft said Wednesday, in data revealing a wider range of alleged Russian cyber attacks during the war against Ukraine than previously documented.
“Russia’s use of cyber attacks appears to be highly correlated and sometimes directly timed with its kinetic military operations,” said Tom Burt, a Microsoft vice president.
The Microsoft report is the most comprehensive public account to date of Russian hacking efforts related to the war in Ukraine. It fills a number of gaps in the public understanding of where Russia’s vaunted cyber capabilities were deployed during the war.
Burt cited a cyber-attack on a Ukrainian broadcaster on March 1, the same day as a Russian missile attack on a TV tower in Kiev, and malicious emails sent to Ukrainians falsely claiming that the Ukrainian government is “letting them down.” left” amid the Russian siege of the city of Mariupol.
Suspected Russian hackers are “working to compromise organizations in regions of Ukraine,” and may have gathered intelligence about Ukrainian military partnerships many months before the large-scale invasion in February, the Microsoft report said.
Russia’s military attacks on Ukraine “sometimes correlate with cyber-attacks, especially when targeting telecom infrastructure in some areas,” Victor Zhora, a senior Ukrainian government cyber official, told reporters on Wednesday.
In the weeks following Russia’s last invasion of Ukraine, some pundits and US officials were surprised that there had been no more noticeably disruptive or debilitating Russian cyber attacks on the country. Possible explanations ranged from disorganization in Russian military planning to hardened Ukrainian defenses to bombs and bullets taking precedence over wartime hacking.
But a barrage of alleged Russian and Belarusian hacks has indeed taken place to destabilize Ukraine, with some hacks surfacing several weeks after they took place. Some hacking attempts have been more successful than others.
A multi-faceted cyberattack at the start of the war disabled internet service for tens of thousands of satellite modems in Ukraine and elsewhere in Europe; US officials are investigating the incident as a possible Russian state-sponsored hack, DailyExpertNews previously reported.
More background: Earlier this month, a hacking group affiliated with the Russian military attacked a Ukrainian electricity station with a hack that, if successful, could have cut off power for 2 million people, Ukrainian officials said. But while the same hacking group managed to cut power in Ukraine in 2015 and 2016, the recent cyberattack did not affect the supply of electricity to the targeted power company, Zhora said.
NATO officials David Cattler and Daniel Black noted a series of alleged Russian data erasure hacks targeting Ukrainian organizations over several weeks.
“If observers see this cyber offensive as a series of isolated events, its scale and strategic significance will be lost in the conventional violence unfolding in Ukraine,” Cattler and Black wrote in Foreign Affairs this month. “But a full accounting of cyber operations reveals the proactive and ongoing use of cyber attacks to support Russian military targets.”
Officials from the White House, Department of Homeland Security and other agencies have worked closely with Ukrainian counterparts to try to defend against Russian hacking and gain insight into Russian capabilities that could be used against the US.
“Unfortunately, Ukraine has been something of a playground for cyber weapons for the past eight years,” Zhora said. “And now we see that some of the technologies that were tested or some of the attacks that were staged on the Ukrainian infrastructure are continuing in other states.”
Zhora praised the resilience of Ukrainian network defenders.
Russian hackers “remain dangerous,” Zhora said on Wednesday. “They continue to threaten democracies, threaten Ukrainian cyberspace. Nevertheless, I don’t think they can scale up their cyber fighters or use some completely new technologies that could attack Ukrainian infrastructure.”
DailyExpertNews has asked the Russian embassy in Washington DC for comment on the Microsoft report.
