Hacking groups closely linked to the Russian government have carried out nearly 40 destructive attacks against hundreds of Ukrainian targets since the start of the invasion, according to a report issued by Microsoft.
The attacks have been largely, but not exclusively, targeted at Ukrainian government institutions, and Microsoft’s report noted that these attacks have had damaging effects on the country’s economy and civilian population, in addition to Ukraine’s government and military.
Operating under the apparent direction of three main groups — the GRU military intelligence service, SVR interior ministry and FSB security service — Russian-backed hackers undertook a wide array of offensive cyberoperations against Ukraine, ranging from phishing campaigns and misinformation to data theft and the destruction of critical systems, Microsoft said.
Energy infrastructure has been a particular target of the hackers, according to Microsoft, which noted that nuclear safety organizations and regional energy providers have been targeted by data theft and system destruction attacks. But the energy sector is far from the only one in the hackers’ sights, as media organizations, logistics providers and even, in one case, an agricultural firm were compromised.
Pace of cyberattacks expected to quicken
Microsoft said that the pace of attacks is likely to quicken as the invasion continues, given Russian President Vladimir Putin’s public insistence that the war “would continue until objectives were achieved.” A blog post accompanying the report said that the scope of Russia’s offensive cyberactivities could even expand as the conflict wears on, noting that there are already indications of retaliatory measures being taken against the numerous countries providing material support to Ukraine.
“The alerts published by CISA and other US government agencies, and cyber-officials in other countries, should be taken seriously and the recommended defensive and resilience measures should be taken – especially by government agencies and critical infrastructure enterprises,” the post said.
Actions to protect against Russian cyberattacks
The report also included a list of recommended steps for governmental and infrastructure IT security workers. Microsoft urged adopting multifactor authentication wherever possible, securing any internet-facing system, implementing an in-depth array of antimalware and endpoint detection solutions, and ensuring the availability of audit functionality for key systems.
According to the report, some cyberattacks appeared to have been launched in tandem with real-world Russian attacks in Ukraine, but the exact degree of coordination between the hacking groups and the Russian military is difficult to determine.
“[I]t is unclear if there is coordination, centralized tasking or merely a common set of understood priorities driving the correlation,” the report said. “At times, computer network attacks immediately preceded a military attack, but those instances have been rare from our perspective.”