BOSTON – Cyberattacks by state-backed Russian hackers have destroyed data across dozens of organizations in Ukraine and produced “a chaotic information environment,” Microsoft says in a report released Wednesday.
Nearly half the destructive attacks were against critical infrastructure, many times simultaneous to physical attacks, the report notes.
A top Ukrainian cybersecurity official, Victor Zhora, told reporters in a news briefing on Wednesday that cyberattacks on telecommunications have sometimes coincided with artillery and other physical attacks.
Microsoft assessed that Russia-aligned threat groups were “pre-positioning for the conflict as early as March 2021,” hacking into networks to obtain footholds they could later use to collect “strategic and battlefield intelligence or to facilitate future destructive attacks.”
During the war, Russia’s cyberattacks “have at times not only degraded the functions of the targeted organizations but sought to disrupt citizens’ access to reliable information and critical life services, and to shake confidence in the country’s leadership,” the company's Digital Security Unit says in the 20-page report.
Kremlin cyber operations “have had an impact in terms of technical disruption of services and causing a chaotic information environment, but Microsoft is not able to evaluate their broader strategic impact,” the report says.
Disruption from Russian cyber activity has been more modest than many anticipated ahead of the Feb. 24 invasion, and Microsoft said damaging attacks have “been accompanied by broad espionage and intelligence activities.”
Early on, a cyberattack that also affected European broadband users knocked out satellite service to Ukrainian military, police and other institutions. But Ukrainian defenders, aided by outside cybersecurity firms, have also scored victories. Microsoft and Slovakia-based ESET helped them thwart an attempt earlier this month to cut power to millions of Ukrainians.
The report says groups with known or suspected ties with Russia’s GRU military intelligence agency have used destructive “wiper” malware “at a pace of two to three incidents a week since the eve of the invasion.”
It did not name specific targets but they are known to include telecommunications companies and local, regional and national agencies.
From the invasion onset until April 8, Microsoft said at least eight different malware strains were used in “nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.”
In an accompanying blog, Microsoft executive Tom Burt noted that the company had also seen “limited espionage attack activity” targeting NATO member states.