Russia Uses Cyber Attacks in Ukraine to Support Military Attacks


WASHINGTON — Weeks after the outbreak of war in Ukraine, American officials wondered about a seemingly missing weapon: Russia’s powerful cyber arsenal, which many experts had expected to be used in the opening hours of an invasion to bring down Ukraine’s power grid, fry the cell phone system, and cut President Volodymyr Zelensky off from the world.

None of this happened. But a new study published Wednesday by Microsoft makes clear that Russia is using A-team hackers to carry out hundreds of much more subtle attacks, often coinciding with incoming missile or ground attacks. And it turned out that, just as in the ground war, the Russians were less skilled and the Ukrainians better defenders than most experts expected.

“They brought disruptive efforts, they brought espionage efforts, they brought their best actors to focus on that,” said Tom Burt, who oversees Microsoft’s research into the largest and most sophisticated cyberattacks visible through its global networks. But he also noted that “although they had some success”, the Russians were met with a solid defense from the Ukrainians, who blocked some online attacks.

The report adds a remarkable refinement to the understanding of the early days of the war, when bombardment and troop movements were obvious, but cyber operations were less visible and harder to blame, at least immediately, on Russia’s leading intelligence agencies.

But it is now clear that Russia has used hacking campaigns to support ground operations in Ukraine, and that it has matched malware with missiles in various attacks, including on TV stations and government agencies, according to Microsoft’s research. By showing Russia’s persistent use of cyber weapons, the report overturns early analyses that these weapons did not play a significant role in the conflict.

“This has been a relentless cyberwarfare parallel to and in some cases directly supported by kinetic warfare,” said Mr. Burt. Hackers affiliated with Russia are “conducting cyberattacks 24/7 every day, hours before the physical invasion begins,” he added.

Microsoft was unable to determine whether Russia's hackers and troops were simply given similar targets to pursue, or whether Russia was actively coordinating their efforts. But Russian cyberattacks took place within days — and sometimes within hours — of most of the activity on the ground.

Microsoft said in its report that from the weeks leading up to the invasion to March, at least six Russian nation-state hacking groups launched more than 237 operations against Ukrainian businesses and government agencies. The attacks were generally aimed at destroying computer systems, but some were also aimed at gathering intelligence or spreading misinformation.

Microsoft said that although Russia routinely relies on malware, espionage and disinformation to further its agenda in Ukraine, it appears that Moscow is trying to limit its hacking campaigns to stay within Ukraine’s borders, perhaps to avoid drawing NATO countries into the conflict.

Russian hackers often make minor changes to the malware they use to avoid detection.

“Absolutely A-Team,” said Mr. Burt. “Basically all the key nation-state actors.”

Still, Ukrainian defenders, accustomed to fending off Russian hackers after years of online intrusions in Ukraine, were able to thwart some attacks. Ukrainian officials said at a press conference on Wednesday that they believe Russia is bringing all its cyber capabilities to bear on the country. Still, Ukraine managed to fend off most of the attacks, they added.

Microsoft detailed several attacks that appeared to show parallel cyber activity and ground activity.

Microsoft said that on March 1, Russian cyberattacks hit media companies in Kiev, including a major broadcast network, using malware aimed at destroying computer systems and stealing information. On the same day, missiles destroyed a television tower in Kiev, knocking out some stations.

Microsoft said the incident showed Russia’s interest in controlling the flow of information in Ukraine during the invasion.

A group affiliated with the GRU, a Russian military intelligence agency, hacked the network of a government agency in the city of Vinnytsia, southwest of Kiev, on March 4. The campaign included phishing attacks against military officials and regional government employees aimed at stealing the passwords of their online accounts.

Microsoft said the hacking attempts represent a pivot for the group, which typically focuses its efforts on national offices rather than regional governments.

Two days after the phishing attempts, Russian missiles hit an airport in Vinnytsia, damaging air traffic control towers and an aircraft. The airport was not close to any ground battlefields at the time, but did have some Ukrainian military presence.

According to Microsoft, Russian hackers and soldiers once again acted in concert on March 11, when a government agency in Dnipro was targeted with devastating malware and government buildings in Dnipro were hit by strikes.

Parallels have also emerged between the Russian disinformation campaigns, which spread false rumors that Ukraine is developing biological weapons, and the targeting of nuclear facilities in Ukraine. In early March, Russian troops captured the Zaporizhzhia nuclear plant, the largest nuclear power plant in Europe. Microsoft said that during the same time period, Russian hackers attempted to steal data from Ukrainian nuclear power utilities and research institutions that could be used in further disinformation narratives.

Microsoft said one of the groups affiliated with Russia’s Federal Security Service, which has a history of targeting companies in the energy, aerospace and defense sectors, was able to steal data from a Ukrainian nuclear security agency between December and mid-March.

At the end of March, Russian hackers began to shift their focus to eastern Ukraine, as the Russian military began to reorganize troops there. Little is known about the hacking campaigns sponsored by Russia in April, as investigations into many of these episodes are ongoing.

“The Ukrainians have been better defenders than anticipated, and I think this applies on both sides of the hybrid war,” said Mr. Burt. “They do a good job of both defending against cyberattacks and getting rid of them when they’re successful.”

