Russia Uses Cyberattacks in Ukraine to Support Military Strikes, Report Finds

WASHINGTON – In the weeks leading up to the outbreak of war in Ukraine, U.S. officials have expressed surprise at the missing weapon: Russia’s powerful cyber arsenal, which most experts expected would be used in the early hours of the siege to bring down Ukraine’s power grid. And cut off President Volodymyr Zelensky from the world.

Nothing like that happened. But in a new study released by Microsoft on Wednesday, it is now clear that Russia used its A-team of hackers to carry out hundreds of more subtle attacks, often consistent with incoming missile or ground attacks. And it turned out that, like the land war, the Russians were less skilled, and the Ukrainians were better defenders than most experts expected.

“They brought in destructive attempts, they brought in spying attempts, they brought in all their best artists to focus on this,” said Tom Burt, who oversees Microsoft’s investigation into the biggest and most complex cyber attacks seen by its global networks. But he also noted that while “they had some success,” the Russians received strong defenses from the Ukrainians who blocked some online attacks.

The report adds considerable subtlety to the understanding of the early days of the war, when shelling and troop movements were evident, but cyber operations were less visible – and at least immediately, it was more difficult to blame Russia’s main intelligence agencies.

But now it is becoming clear that Russia used hacking campaigns to support its ground campaign in Ukraine, combining malware with missiles in a number of attacks, including TV stations and government agencies, according to Microsoft research. The report demonstrates the continued use of cyber weapons by Russia, which supports a preliminary analysis that indicates that they did not play a leading role in the conflict.

Mr. Said Bert. Hackers affiliated with Russia were “carrying out cyber attacks on a daily basis, 24/7 hours before the start of the physical invasion,” he added.

Microsoft could not determine whether Russian hackers and its troops were given similar targets to pursue or actively coordinated their efforts. But Russian cyber-attacks often strike on days of activity on the ground – and sometimes within hours.

Microsoft said in its report that in the week leading up to the March invasion, at least six Russian nation-state hacking groups had launched more than 237 operations against Ukrainian businesses and government agencies. Attacks were often intended to destroy computer systems, but some were also intended to gather intelligence or spread false information.

Although Russia regularly relies on malware, espionage and misinformation to advance its agenda in Ukraine, it has been reported that Moscow is trying to limit its hacking campaign to stay inside Ukraine’s borders, Microsoft said. In an attempt to avoid drawing.

The attacks were sophisticated, with Russian hackers frequently making minor alterations to the malware used in an attempt to evade detection.

“It’s definitely an A-team,” Mr. Said Bert. “They’re basically all major nation-state actors.”

However, Ukrainian defenders were able to thwart some attacks as they were accustomed to stop Russian hackers after years of online infiltration into Ukraine. In a news conference on Wednesday, Ukrainian officials said they believed Russia had brought all its cyber capabilities to bear on the country. However, Ukraine managed to repel many attacks, they added.

Microsoft provided detailed information on some of the attacks featuring parallel cyber activity and ground activity.

Microsoft said that on March 1, Russian cyber-attacks hit media companies in Kiev, including a large broadcasting network that used malware to destroy computer systems and steal information. On the same day, missiles destroyed a TV tower in Kiev, knocking out several stations from the air.

The incident showed Russia’s interest in controlling the flow of information into Ukraine during the invasion, Microsoft said.

A group linked to the GRU, a Russian military intelligence agency, was hacked on March 4 into the network of a government agency in the southwestern city of Vinitsia, Kiev. The group, which was previously involved in the theft of emails related to Hillary Clinton’s 2016 presidency. The campaign also carries out phishing attacks on military officials and regional government employees aimed at stealing passwords from their online accounts.

Microsoft said the hacking efforts point to a key direction for the group, which generally focuses on its national offices rather than regional governments.

Two days after the fishing attempts, Russian missiles struck an airport in Vinnitsa, damaging air traffic control towers and aircraft. The airport was not close to any ground battlefield at the time, but had a Ukrainian military presence.

On March 11, Russian hackers and soldiers were once again seen advancing to a concert when a government agency in Dnipro was targeted with destructive malware, according to Microsoft, when government buildings in Dnipro went on strike.

Similarities also emerged between Russia’s false campaigns to spread false rumors about Ukraine developing biological weapons and targeting nuclear facilities in Ukraine. In early March, Russian troops occupied the Zaporizhzia nuclear facility, Europe’s largest nuclear power plant. Microsoft said that during the same period, Russian hackers worked to steal data from nuclear power institutes and research institutes in Ukraine that could be used for more obscure stories.

Microsoft said one of the groups involved in Russia’s Federal Security Service and has a history of targeting companies in the energy, aviation and defense sectors was able to steal data from the Ukrainian Nuclear Security Agency between December and mid-March.

By the end of March, Russian hackers began to focus their attention on eastern Ukraine, as the Russian military began to reorganize its troops there. Little is known about the hacking campaign backed by Russia during April, as many of its episodes are under investigation.

Mr. Said Bert. “They are doing a good job, both defending against cyber attacks and recovering from them when they succeed.”

Similar Posts

Leave a Reply

Your email address will not be published.