Russia’s spring offensive in Ukraine could include cyberattacks, Microsoft says
WASHINGTON — A hacking group with ties to the Russian government appears to be plotting new cyberattacks against Ukrainian government infrastructure and offices, Microsoft said in a report Wednesday, suggesting Russia’s long-awaited spring offensive could include actions in cyberspace, as well as on the ground.
The report also says Russia appears to be stepping up its influence operations outside Ukraine, in an effort to weaken European and American support for continued military aid, intelligence sharing and other forms. assistance to the Ukrainian government. The effort would come as a faction of the Republican Party — and some in the Democratic Party — argue that backing Ukraine is not a core US interest.
For now, Russia’s main influence campaign is focused in Europe, but it will shift to the United States “as the year draws closer to a presidential election debate in the fall. “said Clint Watts, head of Microsoft’s Digital Threat Analysis Center.
Since before the war began a year ago, Russia’s efforts to use its considerable cyber capabilities against Ukraine, and its failure to cripple the government as US officials expected, have been the subject of criticism. in-depth studies and a certain mystery.
Evidence gathered in recent months shows that Russia has often attempted to coordinate cyberattacks with physical attacks on Ukraine’s power grid and other targets. But the Ukrainians were often one step ahead of Moscow and had back-up systems in place or rigged new ones, including moving much of the country’s digital operations to the cloud.
Microsoft’s report carries significant weight, as the company’s warnings of impending cyberattacks as war approached were largely accurate. But it also suggests that Russia’s digital warriors, many linked to the country’s intelligence services, are trying again in the second year of the war.
In recent months, senior US officials have begun discussing their efforts at the end of 2021 to help bolster Ukraine’s cyber defenses and a rush to move the operation of government agencies to the cloud in the weeks after the start of the invasion. This minimized the damage Russia may have inflicted – and allowed Ukrainian President Volodymyr Zelensky to broadcast messages on the internet every day to rally citizens to the fight.
Microsoft said it believes a group with ties to Russia it has tracked is carrying out actions that may “be in preparation for a new offensive,” including reconnaissance, access operations, and malware “wipers” that erase data, just as hackers did in the early days of last year’s invasion.
“There’s an increase in attempts to gain access to government targets, attempts to gain access to critical infrastructure targets and then trying to use destructive or modified ransomware attacks,” Watts said.
Ukrainian officials say they witness more than 10 cyberattacks a day, with Russian hackers focusing on the energy sector, logistics facilities, military targets and government databases.
“We monitor risks and threats in real time 24/7,” Ilia Vitiuk, head of the cybersecurity department of Ukraine’s Security Service, known as SBU, said in a statement. “We know by name most of the Russian special services hackers working against us.”
But even as Russian cyber operations look set to ramp up, Ukraine’s defences, at least for now, remain strong, according to U.S. and Ukrainian officials.
The United States and its allies have sometimes guided Ukraine’s own cyberforces on how to counterattack against groups seeking to cripple its systems. US officials, however, offered few details, just as they declined to talk about the information they are giving Ukraine to help target its missile and artillery systems.
Mr Watts said Microsoft research showed that Ukrainians had also become more resistant to Russian propaganda and that Ukrainian interest in Russian news sites had dropped significantly as the war progressed.
Russia has instead focused its influence operations on Ukrainian refugees in Poland and other countries. Moscow also targeted the NATO public, trying to erode support for the war.
“The turning point for their influence operations now is Western Europe,” Mr. Watts said. “They are trying to use active measures to undermine support for Ukraine in Western Europe.”
For now, Germany remains the most decisive battleground for Russian influence operations, with Moscow hoping to make it harder for Berlin to keep sending additional military aid to Ukraine.
Russian propagandists, according to Microsoft and US officials, pushed stories blaming allied support for Ukraine for driving up inflation and energy prices.
While the effectiveness of influencer campaigns is difficult to judge, by some metrics these efforts have been more successful than cyberattacks.
Russia attempted to carry out numerous cyberattacks on Ukraine’s energy grid last year. But Ukrainian defenders neutralized hundreds of attacks on energy facilities, and only 30 became critical incidents causing disruption, Vitiuk said.
Russia’s sustained campaign of missile and drone attacks on electrical infrastructure has also proven far more effective than cyberattacks, plunging much of the country into cold and darkness for days at a stretch. .
Even where cyberattacks on the power grid have succeeded, Mr Watts said: “Ukraine was very capable of coming back very quickly.