
  • The company speaks of a hybrid war that began close to the invasion.
  • The report includes a detailed timeline of Russian cyber operations that Microsoft has observed.
  • You can access the full report here.

Microsoft has published a report detailing the destructive and persistent Russian cyberattacks it has seen in the hybrid war against Ukraine, and the actions the company has taken to help protect Ukrainian people and organizations.

According to the study, shortly before the start of the invasion, Microsoft observed that at least six nation-state actors aligned with Russia launched more than 237 operations against Ukraine, which were accompanied by espionage and intelligence activities affecting other NATO member states, in addition to some disinformation activity.

Cyberattacks have degraded the systems of Ukrainian institutions, sought to disrupt the population's access to reliable information and critical essential services, and attempted to undermine trust in the country's leaders.

Furthermore, these Russian cyberattacks appear to be strongly correlated and, at times, directly synchronized with their military operations to support the military's strategic and tactical objectives - hybrid warfare. For example, a Russian actor launched cyberattacks against a major broadcasting company on March 1, the same day that Russia's military announced its intention to destroy Ukrainian targets by conducting a missile attack on a television tower in Kiev.

The report indicates nearly 40 destructive attacks, of which 32% were directed at national, local and regional government organizations and another 40% at organizations in the infrastructure sector, which could have had negative effects on the military, the economy and the citizenry of the country.

Actors participating in these attacks are using a variety of techniques to gain access to their targets, such as phishing, the use of unpatched vulnerabilities and compromising IT service providers. These actors often modify their malware with each deployment to evade detection. Specifically, the Microsoft report attributes the wiper-type malware (destructive malware or virus whose objective is to cause total and permanent unavailability of the target system), of which the company has previously warned, to a nation-state actor aligned with Russia and called Iridium.

Microsoft also notes that it has observed Russian-aligned actors operating in Ukraine showing interest in or conducting operations against organizations in the Baltics and Turkey, that is, NATO member states that actively provide political, humanitarian or military support to Ukraine.

Microsoft, working closely with the Ukrainian government

Microsoft security teams have worked closely with Ukrainian government officials, cybersecurity personnel from government organizations, and private companies to identify and remediate threat activity against Ukrainian networks. These cyberattacks have been highly targeted, and Microsoft is particularly concerned about those against Ukrainian civilian digital targets, such as critical infrastructure, emergency response services, and humanitarian relief efforts. The company believes that since these Russia-aligned nation-state actors have been replicating and escalating military actions, cyberattacks will too, as the conflict develops. Russian nation-state actors may expand their destructive actions beyond Ukraine's borders to retaliate against those countries that decide to provide more military assistance to the invaded country.

In the report, Microsoft includes specific recommendations for all organizations that may be targeted by Russian actors, as well as technical information for the cybersecurity community. Microsoft's intention is to continue reporting and updating these recommendations as activity is observed and the company believes they can be safely made public.
