At least six different Kremlin-linked hacking groups have conducted nearly 240 cyber operations against Ukrainian targets, Microsoft said Wednesday, in data that reveals a broader scope of alleged Russian cyberattacks during the war on Ukraine than has previously been documented.
“Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations,” said Tom Burt, Microsoft vice president.
The Microsoft report is the most comprehensive public record yet of Russian hacking efforts related to the war in Ukraine. It fills in some gaps in public understanding of where Russia’s vaunted cyber capabilities have been deployed during the war.
Burt cited a cyberattack on a Ukrainian broadcast company on March 1, the same day as a Russian missile strike against a TV tower in Kyiv, and malicious emails sent to Ukrainians falsely claiming the Ukrainian government was “abandoning” them amid the Russian siege of the city of Mariupol.
Suspected Russian hackers “are working to compromise organizations in regions across Ukraine,” and may have been collecting intelligence on Ukrainian military partnerships many months before the full-scale invasion in February, the Microsoft report says.
Russia’s military attacks on Ukraine sometimes “correlate with cyberattacks, especially when it involves attacks on telecom infrastructure in some areas,” Victor Zhora, a senior Ukrainian government cyber official, told reporters Wednesday.
In the weeks after Russia’s latest invasion of Ukraine, some pundits and US officials were surprised that there hadn’t been more noticeably disruptive or debilitating Russian cyberattacks on the country. Possible explanations ranged from disorganization in Russian military planning to hardened defenses to the fact that Ukrainian bombs and bullets take precedence over hacking in wartime.
But a barrage of alleged Russian and Belarusian hacks aimed at destabilizing Ukraine has indeed taken place, with some hacks emerging weeks after they took place. Some hacking attempts have been more successful than others.
A multi-faceted cyberattack at the onset of the war knocked out internet service for tens of thousands of satellite modems in Ukraine and elsewhere in Europe; US officials are investigating the incident as a potential Russian state-sponsored hack, CNN previously reported.
More background: Earlier this month, a Russian military-linked hacking group targeted a Ukrainian power substation in a hack that, had it been successful, could have cut power for 2 million people, according to Ukrainian officials. But while the same hacking group succeeded in cutting power in Ukraine in 2015 and 2016, the recent cyberattack did not affect the provision of electricity at the targeted power company, according to Zhora.
NATO officials David Cattler and Daniel Black noted a series of alleged Russian data-wiping hacks aimed at Ukrainian organizations over multiple weeks.
“If observers see this cyber-offensive as a series of isolated events, its scale and strategic significance get lost in the conventional violence unfolding in Ukraine,” Cattler and Black wrote in Foreign Affairs this month. “But a full accounting of the cyber-operations reveals the proactive and persistent use of cyberattacks to support Russian military objectives.”
Officials from the White House, Department of Homeland Security and other agencies have worked closely with Ukrainian counterparts to try to defend against Russian hacking and gain insights into Russian capabilities that might be used against the US.
“Ukraine was, unfortunately, kind of a playground for cyber weapons over the last eight years,” Zhora said. “And now we see that some technologies that were tested or some of the attacks that were organized on Ukrainian infrastructure continue in other states.”
Zhora touted the resilience of Ukrainian network defenders.
Russian hackers “continue to be dangerous,” Zhora said Wednesday. “They continue to threaten democracies, threaten Ukrainian cyberspace. Nevertheless, I don’t think they can scale their cyber warriors or they can use some completely new technologies that can attack Ukrainian infrastructure.”
CNN has requested comment from the Russian embassy in Washington, DC, on the Microsoft report.