
Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine

The tech giant also warned that other European nations could be targeted by pro-Russian threat actors seeking to weaken supply chains

Microsoft has revealed that Russia is increasingly combining cyber attacks against Ukraine with strikes using conventional weaponry such as missiles, in a multi-pronged offensive that could extend beyond the borders of the conflict.

Research conducted by Microsoft has shown that 55% of the 50 or so Ukrainian organisations hit by Russian malware since February are responsible for critical infrastructure, such as energy, water, emergency services, and healthcare - sectors that have also been the focus of intense missile strikes.

In recent months, affected organisations have largely been located in and around the areas of heaviest physical conflict, such as Kyiv and the country’s south.

As cyber and kinetic attacks continue to line up, Microsoft has also pointed to mounting evidence that Russia seeks to carry out cyber attacks outside of Ukraine. These have caused strategic damage to supporters of the country in parallel to its continued bombardment of Ukrainian targets.

Attacks on European states could be carried out with the goal of disabling supply chains crucial for maintaining support to Ukraine, Microsoft said, pointing to its recent warnings over the Prestige ransomware targeting Poland as proof that such a campaign has already begun.

In a blog post on its outlook, Microsoft warned that attacks on Ukrainian critical national infrastructure (CNI) are likely to continue through the winter.

At the end of October, missile strikes left 80% of Kyiv without running water, while missile strikes left 10 million premises without power - conditions that have caused particular worry as Ukraine enters its coldest months.

Russian cyber attacks on Ukraine have largely been carried out by a threat group tracked by Microsoft as IRIDIUM, which has close ties to Russia’s Main Intelligence Directorate, otherwise known as the GRU.

Historical attacks credited to IRIDIUM include the crippling of Ukraine’s power grid in 2015 and 2016 through the Disakil Trojan. 2017’s infamous NotPetya attack, which used a highly destructive wiper malware that targeted Ukrainian infrastructure, is another example of IRIDIUM's work. It eventually caused over $10 billion in damage to companies like Maersk and Merck.

Since the invasion, the organisation has launched more wiper variants such as Hermetic Wiper, a malware believed to have been specifically designed in anticipation of the invasion. In recent months, as Russia lost land and suffered defeats across Ukraine, IRIDIUM has increased activity with wipers such as Caddywiper and Foxblade.

In this next step of the campaign, researchers also warned that Russia is likely to use mass disinformation to stoke concerns around the energy crisis, in an attempt to shift public opinion in favour of ending the war on terms agreeable to the Kremlin.

German and Czech entities were named as having existing sympathy with Russia, and there is concern that social media could enable pro-Russian talking points to gain traction in these regions off the back of seemingly-rational economic concerns.

“Clandestine cyber warfare is rapidly becoming a thing of the past,” said Nadir Izrael, CTO and co-founder at Armis.

“We now see brazen cyber attacks by nation-states, often with the intent to gather intelligence, disrupt operations, or outright destroy data. Based on these trends, all organisations should consider themselves possible targets for cyber warfare attacks and secure their assets accordingly.”

In response to the attacks, Microsoft has reaffirmed its commitment to identifying threat actors who seek to attack key Ukrainian and European supply chains, and to submitting reports on Russia-sponsored cyber operations to both partners and the public.

Alongside its information gathering and reporting efforts, Microsoft will also continue its active defence of the cyber landscape, with a stated goal of protecting Ukrainian academics, journalists, and nonprofits that are crucial to shedding light on the attacks being perpetrated by Russia.

Representatives within Microsoft’s Digital Diplomacy and Democracy Forward teams will also talk to victims and their governments to organise a unified response to state-sponsored cyber attacks.
