Russia Uses Cyberattacks in Ukraine to Support Military Strikes, Report Finds

A new study by Microsoft shows that Russian cyberattacks often happened within days or even hours of missile strikes.

Russia used hackers to conduct hundreds of subtle attacks, many timed to coincide with incoming missile or ground attacks, according to a new report.

WASHINGTON — For weeks after the outbreak of the war in Ukraine, American officials wondered about the weapon that seemed to be missing: Russia’s mighty cyberarsenal, which most experts expected would be used in the opening hours of an invasion to bring down Ukraine’s power grid, fry its cellphone system and cut off President Volodymyr Zelensky from the world.

None of that happened. But in a new study released Wednesday by Microsoft, it is now clear that Russia used its A-team of hackers to conduct hundreds of far more subtle attacks, many timed to coincide with incoming missile or ground attacks. And it turned out that, just as in the ground war, the Russians were less skillful, and the Ukrainians were better defenders, than most experts expected.

“They brought destructive efforts, they brought espionage efforts, they brought all their best actors to focus on this,” said Tom Burt, who oversees Microsoft’s investigations into the biggest and most complex cyberattacks that are visible through its global networks. But he also noted that while “they had some success,” the Russians were met with a robust defense from the Ukrainians that blocked some of the online attacks.

The report adds considerable subtlety to an understanding of the early days of the war, when the shelling and troop movements were obvious, but the cyberoperations were less visible — and more difficult to blame, at least right away, on Russia’s major intelligence agencies.

But it is now becoming clear that Russia used hacking campaigns to support its ground campaign in Ukraine, pairing malware with missiles in several attacks, including on TV stations and government agencies, according to Microsoft’s research. The report demonstrates Russia’s persistent use of cyberweapons, upending early analysis that suggested they did not play a prominent role in the conflict.

“It’s been a relentless cyberwar that has paralleled, and in some cases directly supported, the kinetic war,” Mr. Burt said. Hackers affiliated with Russia were carrying out cyberattacks “on a daily, 24/7 basis since hours before the physical invasion began,” he added.

Microsoft could not determine whether Russia’s hackers and its troops had merely been given similar targets to pursue or had actively coordinated their efforts. But Russian cyberattacks often struck within days — and sometimes within hours — of on-the-ground activity.

From the weeks leading up to the invasion through March, at least six Russian nation-state hacking groups launched more than 237 operations against Ukrainian businesses and government agencies, Microsoft said in its report. The attacks were often intended to destroy computer systems, but some also aimed to gather intelligence or spread misinformation.

Although Russia routinely relied on malware, espionage and disinformation to further its agenda in Ukraine, it appeared that Moscow was trying to limit its hacking campaigns to stay within Ukraine’s borders, Microsoft said, perhaps in an attempt to avoid drawing NATO countries into the conflict.

The attacks were sophisticated, with Russian hackers often making small modifications to the malware they used in an effort to evade detection.

“It’s definitely the A-team,” Mr. Burt said. “It’s basically all of the key nation-state actors.”

Still, Ukrainian defenders were able to thwart some of the attacks, having become accustomed to fending off Russian hackers after years of online intrusions in Ukraine. At a news conference on Wednesday, Ukrainian officials said they believed Russia had brought all of its cybercapabilities to bear on Ukraine. Still, Ukraine managed to fend off many of the attacks, they added.

Microsoft detailed several attacks that appeared to show parallel cyberactivity and ground activity.

On March 1, Russian cyberattacks hit media companies in Kyiv, including a major broadcasting network, using malware aimed at destroying computer systems and stealing information, Microsoft said. The same day, missiles destroyed a TV tower in Kyiv, knocking some stations off the air.

The incident demonstrated Russia’s interest in controlling the flow of information in Ukraine during the invasion, Microsoft said.

A group affiliated with the G.R.U., a Russian military intelligence agency, hacked into a government agency’s network in Vinnytsia, a city located to the southwest of Kyiv, on March 4. The group, which was previously linked to the theft of emails related to Hillary Clinton’s 2016 presidential campaign, carried out phishing attacks against military officials and regional government employees that were intended to steal passwords to their online accounts.

The hacking attempts represented a pivot for the group, which typically focuses its efforts on national offices rather than regional governments, Microsoft said.

Two days after the phishing attempts, Russian missiles struck an airport in Vinnytsia, damaging air traffic control towers and an aircraft. The airport was not near any areas of ground fighting at the time, but it did have some Ukrainian military presence.

Russian hackers and troops appeared to move in concert yet again on March 11, when a government agency in Dnipro was targeted with destructive malware, according to Microsoft, while government buildings in Dnipro were hit by strikes.

Parallels also emerged between Russian disinformation campaigns that spread false rumors about Ukraine developing biological weapons and the targeting of nuclear facilities in Ukraine. In early March, Russian troops captured the Zaporizhzhia nuclear facility, Europe’s biggest nuclear power plant. During the same period of time, Russian hackers worked to steal data from nuclear power organizations and research institutions in Ukraine that could be used to further disinformation narratives, Microsoft said.

One of the groups, which is affiliated with Russia’s Federal Security Service and has a history of targeting companies in the energy, aviation and defense sectors, was able to steal data from a Ukrainian nuclear safety organization between December and mid-March, Microsoft said.

By the end of March, Russian hackers were beginning to pivot their focus to eastern Ukraine, as the Russian military began to reorganize troops there. Little is known about hacking campaigns backed by Russia that occurred during April, as investigations into many of those incidents are ongoing.

“Ukrainians themselves have been better defenders than was anticipated, and I think that’s true on both sides of this hybrid war,” Mr. Burt said. “They’ve been doing a good job, both defending against the cyberattacks and recovering from them when they are successful.”

Source: nytimes.com
