Microsoft has revealed that Russia is increasingly combining cyber attacks against Ukraine with strikes using conventional weaponry such as missiles, in a multi-pronged offensive that could extend beyond the borders of the conflict.
Research conducted by Microsoft has shown that 55% of the 50 or so Ukrainian organisations hit by Russian malware since February are responsible for critical infrastructure, such as energy, water, emergency services, and healthcare - sectors that have also been the focus of intense missile strikes.
In recent months, affected organisations have largely been located in and around the areas of heaviest physical conflict, such as Kyiv and the country’s south.
As cyber and kinetic attacks continue to line up, Microsoft has also pointed to mounting evidence that Russia seeks to carry out cyber attacks outside of Ukraine. These have caused strategic damage to supporters of the country in parallel to its continued bombardment of Ukrainian targets.
Attacks on European states could be carried out with the goal of disabling supply chains crucial for maintaining support to Ukraine, Microsoft said, pointing to its recent warnings over the Prestige ransomware targeting Poland as proof that such a campaign has already begun.
At the end of October, missile strikes left 80% of Kyiv without running water, while missile strikes left 10 million premises without power - conditions that have caused particular worry as Ukraine enters its coldest months.
Russian cyber attacks on Ukraine have largely been carried out by a threat group tracked by Microsoft as IRIDIUM, which has close ties to Russia’s Main Intelligence Directorate, otherwise known as the GRU.
Historical attacks credited to IRIDIUM include the crippling of Ukraine’s power grid in 2015 and 2016 through the Disakil Trojan. 2017’s infamous NotPetya attack, which used a highly destructive wiper malware that targeted Ukrainian infrastructure, is another example of IRIDIUM's work. It eventually caused over $10 billion in damage to companies like Maersk and Merck.
Since the invasion, the organisation has launched more wiper variants such as Hermetic Wiper, a malware believed to have been specifically designed in anticipation of the invasion. In recent months, as Russia lost land and suffered defeats across Ukraine, IRIDIUM has increased activity with wipers such as Caddywiper and Foxblade.
In this next step of the campaign, researchers also warned that Russia is likely to use mass disinformation to stoke concerns around the energy crisis, in an attempt to shift public opinion in favour of ending the war on terms agreeable to the Kremlin.
German and Czech entities were named as having existing sympathy with Russia, and there is concern that social media could enable pro-Russian talking points to gain traction in these regions off the back of seemingly rational economic concerns.
“Clandestine cyber warfare is rapidly becoming a thing of the past,” said Nadir Izrael, CTO and co-founder at Armis.
“We now see brazen cyber attacks by nation-states, often with the intent to gather intelligence, disrupt operations, or outright destroy data. Based on these trends, all organisations should consider themselves possible targets for cyber warfare attacks and secure their assets accordingly.”
In response to the attacks, Microsoft has reaffirmed its commitment to identifying threat actors who seek to attack key Ukrainian and European supply chains, and to submitting reports on Russia-sponsored cyber operations to both partners and the public.
Alongside its information gathering and reporting efforts, Microsoft will also continue its active defence of the cyber landscape, with a stated goal of protecting Ukrainian academics, journalists, and nonprofits that are crucial to shedding light on the attacks being perpetrated by Russia.
Representatives within Microsoft’s Digital Diplomacy and Democracy Forward teams will also talk to victims and their governments to organise a unified response to state-sponsored cyber attacks.
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at email@example.com or on LinkedIn.