Russia uses cyberattacks in Ukraine to support military strikes, report finds

WASHINGTON – For weeks after the start of the war in Ukraine, US officials wondered about the weapon that appeared to be missing: Russia’s powerful cyber arsenal, which most experts expected would be used in the early hours of an invasion to bring down Ukraine’s electrical system, fry its cell phone system and cut President Volodymyr Zelensky off from the world.

None of this happened. But a new study released Wednesday by Microsoft makes clear that Russia has used its A-team of hackers to conduct hundreds of far more subtle attacks, many timed to coincide with missile or ground attacks. And it turned out that, just like in land warfare, the Russians were less skilled and the Ukrainians were better defenders than most experts expected.

“They’ve brought in destructive efforts, they’ve brought in espionage efforts, they’ve brought in all their best actors to focus on this,” said Tom Burt, who oversees Microsoft’s investigations into the largest and most complex cyberattacks visible across its global networks. But he also noted that while “they had some success,” the Russians were met with a robust defense from the Ukrainians who blocked some of the online attacks.

The report adds considerable subtlety to an understanding of the early days of the war, when bombing and troop movements were obvious but cyber operations were less visible — and harder to blame, at least immediately, on Russia’s top intelligence agencies.

But it is now becoming clear that Russia has used hacking campaigns to support its ground campaign in Ukraine, combining malware with missiles in various attacks, including on TV stations and government agencies, according to Microsoft research. The report demonstrates Russia’s persistent use of cyber weapons, overturning initial analyses that suggested they did not play a prominent role in the conflict.

“It’s been a relentless cyberwarfare that has paralleled and, in some cases, directly supported kinetic warfare,” Burt said. Russian-affiliated hackers were carrying out cyberattacks “daily, 24/7, from hours before the physical invasion began,” he added.

Microsoft was unable to determine whether the Russian hackers and their troops were only given similar targets to pursue or whether they actively coordinated their efforts. But Russian cyberattacks often happened within days—and sometimes hours—of field activity.

From the weeks leading up to the invasion through March, at least six Russian hacking groups launched more than 237 operations against Ukrainian companies and government agencies, Microsoft said in its report. Attacks were often intended to destroy computer systems, but some were also aimed at gathering intelligence or spreading misinformation.

While Russia routinely relies on malware, espionage and disinformation to further its agenda in Ukraine, it appeared that Moscow was trying to limit its hacking campaigns to stay within Ukraine’s borders, Microsoft said, perhaps in an attempt to avoid luring NATO countries into the conflict.

The attacks were sophisticated, with Russian hackers often making minor modifications to the malware they used in an effort to evade detection.

“It’s definitely the A team,” Burt said. “It’s basically all the major players in the nation-state.”

Still, Ukrainian defenders managed to thwart some of the attacks, having grown accustomed to fending off Russian hackers after years of online intrusions into Ukraine. At a news conference on Wednesday, Ukrainian officials said they believed Russia had brought all of its cyber capabilities to Ukraine. Still, Ukraine managed to fend off many of the attacks, they added.

Microsoft detailed several attacks that appeared to show parallel cyber activity and ground activity.

On March 1, Russian cyberattacks targeted media companies in Kiev, including a major broadcast network, using malware intended to destroy computer systems and steal information, Microsoft said. On the same day, missiles destroyed a TV tower in Kiev, knocking some stations off the air.

The incident demonstrated Russia’s interest in controlling the flow of information into Ukraine during the invasion, Microsoft said.

A group affiliated with the GRU, the Russian military intelligence agency, hacked into the network of a government agency in Vinnytsia, a city southwest of Kiev, on March 4. The group, which has been linked to the hack of Clinton’s 2016 presidential campaign, also carried out phishing attacks against military officials and regional government officials that were intended to steal passwords from their online accounts.

The hacking attempts represented a pivot for the group, which typically focuses its efforts on national offices rather than regional governments, Microsoft said.

Two days after the phishing attempts, Russian missiles hit an airport in Vinnytsia, damaging air traffic control towers and an aircraft. The airport was not close to any ground combat areas at the time, but it had some Ukrainian military presence.

Russian hackers and troops appeared to move together again on March 11, when a government agency in Dnipro was targeted by destructive malware, according to Microsoft, while government buildings in Dnipro were hit by attacks.

Parallels have also emerged between Russian disinformation campaigns that spread false rumors about Ukraine’s development of biological weapons and the attack on Ukraine’s nuclear facilities. In early March, Russian troops captured the Zaporizhzhia nuclear power plant, the largest nuclear power plant in Europe. During the same period, Russian hackers worked to steal data from nuclear energy organizations and research institutions in Ukraine that could be used for further disinformation narratives, Microsoft said.

One of the groups, which is affiliated with Russia’s Federal Security Service and has a history of attacking companies in the energy, aviation and defense sectors, managed to steal data from a Ukrainian nuclear security organization between December and mid-March, Microsoft said.

In late March, Russian hackers were starting to shift their focus towards eastern Ukraine when the Russian military began to reorganize troops there. Little is known about the Russian-backed hacking campaigns that took place in April, as investigations into many of these incidents are ongoing.

“Ukrainians themselves have been better advocates than anyone expected, and I think that’s true on both sides of this hybrid war,” Burt said. “They are doing a good job of defending against cyberattacks and recovering from them when they are successful.”
