Russia Has Battered Ukraine with Destructive Cyberattacks, Microsoft Says


Russia has carried out more extensive cyberattacks alongside its on-ground military operations in the ongoing conflict against Ukraine than was previously documented, according to a new Microsoft report. Hackers working on behalf of the Russian government have also reportedly conducted cyber-espionage operations.

According to Microsoft’s report, the cyber and military attacks together have aimed to “degrade or disrupt” Ukraine’s government and military.

Russian Hackers Conducted 237 Operations Against Ukrainian Targets

At the outset of the invasion, many pundits expressed surprise at the low number of disruptive or devastating cyberattacks from Russian threat actors. However, in the weeks since, Microsoft has provided a more extensive look at Russian cyber operations in Ukraine than ever before.

Microsoft found that at least six Russian state-linked hacking groups had targets similar to those of the Russian military. It is currently unclear whether the two are actively coordinating or working independently on a common set of targets. However, it is likely that Russia wants to undermine Ukraine’s political will and cripple its resistance through a highly synced effort.

“Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations,” Microsoft vice president Tom Burt said.

Microsoft has worked with Ukrainian cybersecurity officials and private sector organizations to defend against cyberattacks. Its report provides a detailed analysis of Russian cyber operations during the first month of its invasion of Ukraine.

Over 40% of Destructive Attacks Aimed at Critical Infrastructure

Microsoft added that Russian cyberattacks have “had an impact in terms of technical disruption of services and causing a chaotic information environment.”

However, it has not been able to determine the larger strategic impact so far. On the positive side, its report provides crucial information about Russian attacks and targets. By and large, national government entities were targeted, while IT services, the energy sector, media and communications outlets, and nuclear facilities also found themselves in the crosshairs.

Below are some insightful points from the report:

  • Organizations in critical infrastructure sectors were targets of over 40% of the destructive attacks. Any harm to these entities could have “negative second-order effects on the government, military, economy, and people.”
  • Ukrainian government organizations (national, regional, and city-level) were targets of 32% of destructive incidents.
  • With each wave of malware deployment, the threat actors slightly modified the malware to evade detection. Microsoft estimates there have been “at least eight destructive malware families deployed on Ukrainian networks, including one tailored to industrial control systems (ICS).”

Microsoft believes that the threat actors will deploy more destructive malware if they manage to maintain their existing levels of productivity.

Statement from Senior Ukraine Government Official

Speaking on the correlation between the Russian military and cyber warfare, Victor Zhora, a senior Ukrainian government cyber official, said it is more prevalent in attacks on telecom infrastructure in some sectors.

“Ukraine was, unfortunately, kind of a playground for cyber weapons over the last eight years,” Zhora commented. “And now we see that some technologies that were tested or some of attacks that were organized on Ukrainian infrastructure continue in other states,” he added.

Zhora also spoke about the dangers posed by Russian hackers and the resilience of Ukrainian network defenders. “They continue to threaten democracies, threaten Ukrainian cyberspace. Nevertheless, I don’t think they can scale their cyber warriors or they can use some completely new technologies that can attack Ukrainian infrastructure,” Zhora said.

Russia continues to wage an information war alongside its military and cyber operations in Ukraine. Over the last few weeks, the country has taken a series of measures that severely restrict access to uncensored information. If you want to learn how you can bypass censorship in Russia, check out our article on how to get a VPN that works in the country.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.