Even before the start of the war in Ukraine, Russian state hackers harassed Ukrainian targets. At least six hacker groups with close ties to the Kremlin are responsible for hundreds of cyber attacks. It concerns at least 237 attacks. These threaten not only the Ukrainian government, but also the well-being of citizens.
This is according to research by Microsoft.
Crippling vital infrastructure
The American hardware and software company released a report on Russian cyber attacks on Ukraine on Wednesday. The company says it believes it is important to share the research results with the world so that the international community and policymakers know what is happening. And can defend against it.
Just before the first Russian tanks entered Ukraine, Russian state hackers were already active to bombard Ukrainian targets with cyber attacks. According to Microsoft, the perpetrators – hackers with close ties to the Kremlin – carried out at least 237 digital attacks against Ukraine.
Not only did the attackers try to paralyze government services and vital infrastructure, but there are also examples where espionage and the spreading of disinformation played the main role. Its purpose was to undermine confidence in the Ukrainian government. Microsoft also saw “limited espionage activities” involving NATO member states. The technology company does not specify which countries are involved.
This is how the Russian state hackers work
The Russian cyber attacks were not carried out randomly. Microsoft argues that it was based on strong coordination and planning. As an example, the researchers cite a cyber attack on a major Ukrainian broadcaster. This was carried out on the day Russia announced it was destroying “Ukrainian disinformation targets” and a missile hit a TV tower. While Russian soldiers besieged Mariuple, Ukrainians received an email in which a Russian actor pretended to be a resident of the eastern port city. He accused the government of abandoning Ukrainian citizens to their fate.
Of all cyberattacks that Microsoft observed, a third (32 per cent) were against Ukrainian government organizations. 40 per cent of the attacks targeted companies and organizations active in the vital sector. Then you have to think of telecom companies, suppliers of utilities and financial institutions such as banks.
Hackers use a variety of techniques to gain access to their targets’ computer systems. For example, they try to get login details through phishing, exploit unpatched vulnerabilities and bombard IT service providers with DDoS attacks. “These actors often modify their malware with each deployment to evade detection,” the researchers write.
First preparations were made a year ago
Microsoft provides a timeline of all events in the report. The first preparations for Russian cyber warfare were already made in March 2021, according to the tech company. Russian hackers were already trying to gain access to as many computer systems as possible of Ukrainian companies, organizations and government services. Immediately after the Russian invasion, hackers tried to gain access to targets that could provide intelligence on Ukraine’s military and foreign partnerships.
In the summer of 2021, the hackers targeted suppliers in Ukraine and beyond. For example, they tried to gain access not only to systems in Ukraine but also to the systems of NATO member states. Finally, in March, state hackers launched an attack with the Cyclops Blink malware. With this, they tried to steal and delete data from companies in the vital sector and to add new computers to their botnet.
“Since the beginning of the Russian invasion of Ukraine, Russian cyber attacks have been deployed in support of the military’s strategic and tactical objectives. It is likely that the attacks we have observed are just the tip of the iceberg of activities targeting Ukraine,” Microsoft said.
Microsoft warns NATO member states against Russian retaliation
The researchers believe that Russian state hackers will continue and expand their cyberattacks on Ukraine as the war rages on. At the same time, they warn NATO member states that sooner or later the attackers could target Western countries. These are retaliatory actions for military and humanitarian aid to Ukraine. The cyber attacks against organizations in the Baltic States are an example of this.
Catch up on more articles here
Follow us on Twitter here