JAKARTA - Microsoft researchers say Russian hackers are preparing a new cyber attack against Ukraine.
The tech giant's security research and analysis team outlined a series of findings about how Russian hackers have operated during the Ukraine conflict and what might happen next.
"Since the beginning of the war, Russia has deployed at least nine new wiper families and two types of ransomware against more than 100 Ukrainian government and private sector organizations," said the Microsoft research team on the company's official website, quoted Monday, March 20.
They added that a strong cyber defense partnership between the public and private sectors, as well as Ukraine's preparedness and resilience, had successfully withstood most of these attacks, but Russia's activity was continuing.
"In 2023, Russia has stepped up its espionage attacks, targeting organizations in at least 17 European countries, mostly government agencies. Wiper attacks continue in Ukraine. We are also closely monitoring the development and deployment of new ransomware variants," the Microsoft research team said.
In late November 2022, Microsoft and other security firms identified a new form of ransomware, called Sullivan, used to attack Ukrainian targets, in addition to the Prestige ransomware that Russia used in Ukraine and Poland in October 2022.
"Our analysis suggests that Russia will continue to carry out espionage attacks against Ukraine and its Ukrainian partners, and destructive attacks inside and potentially outside of Ukraine as perpetrated with Prestige," the Microsoft research team said.
The Russian hybrid attack also includes sophisticated influence operations. For example, Moscow's propaganda machine recently targeted Ukrainian refugee populations across Europe, trying to convince them they could be deported and conscripted into Ukraine.
Influence operations aligned with Russia have also recently raised tensions in Moldova. Russian media promoted the protests backed by pro-Russian political parties, prompting citizens to demand the government pay their winter energy bills.
"Another Russia-aligned campaign called Moldovan Leaks, publishing alleged leaks from Moldovan politicians, is just one of a number of hacking operations aimed at spreading mistrust between European citizens and their governments," the Microsoft research team said.
The findings come as Russia has introduced new troops to the battlefield in eastern Ukraine, according to Western security officials.
Ukraine's Defense Minister Oleksiy Reznikov last month warned Russia could speed up its military activities ahead of the February 24 anniversary of its invasion.
The Microsoft research team also disclosed further insights in a new Microsoft Threat Intelligence report on Russian activity. The report highlights several other important broad trends.
First, Moscow's hybrid war on Ukraine did not go according to plan. Strong engagement by the country's network of defenders, together with international and local populations hardened against Russian propaganda efforts, has denied the Kremlin a swift victory.
Second, Russian cyber threat actors have adapted their targeting and techniques, expanding their access to support intelligence gathering on Ukraine and the country's civilian and military assets, and to prepare for destructive attacks there and perhaps also beyond.
"The development of new forms of ransomware is an example, but others include using social media to market pirated software and backdoors to a Ukrainian audience," said the Microsoft research team.
"Then enabling early access to the organization, and spearphishing campaigns targeting vulnerable local servers in government, IT, and disaster response organizations in Europe. Third, no geographical boundaries are off-limits to Russian attempted attacks," the team added.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)