WASHINGTON — A group of hackers with ties to the Russian government appears to be preparing new cyberattacks against Ukrainian government infrastructure and offices, Microsoft said in a report Wednesday, suggesting that Russia’s long-awaited spring offensive could include actions in cyberspace as well as on the ground.
The report also said Russia appears to be stepping up influence operations outside of Ukraine in an attempt to weaken European and US support for continued military aid, intelligence sharing and other assistance to the Ukrainian government. The effort would come as a faction in the Republican Party, and some in the Democratic Party, argue that supporting Ukraine is not in the core interest of the United States.
For now, Russia’s main influence campaign is focused on Europe, but it will shift to the United States “as the year approaches the presidential election debate,” said Clint Watts, director of the Center for Digital Threat Analysis at Microsoft.
Since before the war began a year ago, Russia’s efforts to use its considerable cyber capabilities against Ukraine and its failure to cripple the government in the way US officials hoped have been the subject of intense study and some mystery.
Evidence accumulated in recent months shows that Russia often tried to coordinate cyber attacks with physical attacks on Ukraine’s power grid and other targets. But the Ukrainians were often one step ahead of Moscow, having backup systems in place or creating new ones, including moving much of the country’s digital operations to the cloud.
Microsoft’s report carries significant weight because the company’s warnings about pending cyberattacks in the run-up to the war were largely accurate. But it also suggests that Russia’s digital warriors, many of whom are linked to the country’s intelligence services, are trying again in the second year of the war.
In recent months, top US officials have begun discussing their late-2021 efforts to help bolster Ukraine’s cyber defenses and the rush to move government agency operations to the cloud in the weeks after the start. of the invasion. That minimized the damage Russia was able to inflict and allowed Ukraine’s President Volodymyr Zelensky to broadcast messages on the Internet every day to unite citizens in the fight.
Microsoft said it believed a group with ties to Russia it had tracked was taking actions that could “prepare for a renewed offensive,” including reconnaissance, access operations, and The data-erasing “cleaner” malware, just like the hackers did in the early days of last year’s invasion.
“There is an increase in trying to break into government targets, trying to break into critical infrastructure targets and then trying to use modified or destructive ransomware attacks,” Watts said.
Ukrainian officials say they are seeing more than 10 cyberattacks a day, with Russian hackers targeting the energy sector, logistics facilities, military targets and government databases.
“We monitor risks and threats in real time 24/7,” Ilia Vitiuk, head of the cybersecurity department at the Security Service of Ukraine, known as SBU, said in a statement. “We know most of the Russian special services hackers working against us by name.”
But even as Russian cyber operations appear poised to intensify, Ukrainian defenses, at least for now, remain strong, according to US and Ukrainian officials.
The United States and its allies have at times guided Ukraine’s own cyber forces on how to counterattack groups seeking to cripple their systems. However, US officials have provided few details, just as they have declined to discuss information being given to Ukraine to help attack its missile and artillery systems.
Watts said Microsoft’s research showed that Ukrainians had also become more resistant to Russian propaganda, and that interest in Russian news sites among Ukrainians dropped sharply as the war progressed.
Instead, Russia has focused its influence operations on Ukrainian refugees in Poland and other countries. Moscow has also targeted NATO hearings, trying to erode support for the war.
“The decisive point for their influence operations now is Western Europe,” Watts said. “They are trying to use active measures to undermine support for Ukraine in Western Europe.”
For now, Germany remains the most decisive battleground for Russian influence operations, and Moscow hopes to make it more difficult for Berlin to send additional military aid to Ukraine.
Russian propagandists, according to Microsoft and US officials, have been pushing narratives that blame allied support for Ukraine for rising inflation and energy prices.
While it is difficult to judge the effectiveness of influence campaigns, by some measures those efforts have been more successful than cyberattacks.
Russia tried to carry out many cyber attacks on Ukraine’s power grid last year. But Ukrainian defenders neutralized hundreds of attacks on power facilities and only 30 became critical incidents causing disruption, Vitiuk said.
Russia’s sustained campaign of missile and drone attacks against electrical infrastructure has also proven far more effective than cyber attacks, plunging much of the country into cold and darkness for days.
Even when cyberattacks on the power grid were successful, Watts said, “Ukraine was very capable of recovering very quickly.”
