WASHINGTON — A new investigation into how Russia used its cyber capabilities in the first months of the war in Ukraine contains a number of surprises: Moscow carried out more cyberattacks to support its intrusion than was realized at the time, but three of them More than two out of 10 attacks failed, echoing its poor performance on the physical battlefield.
However, this study, Microsoft released Wednesdaysuggesting that President Vladimir V. Putin’s government has achieved more than many expected through its disinformation campaign to build a war narrative in Russia’s favor, including evidence that the U.S. secretly produces biological weapons inside Ukraine.
The report is the latest effort by many groups, including U.S. intelligence agencies, to understand the interplay between brutal physical warfare and parallel and often coordinated struggles in cyberspace.it It shows that Ukraine has been prepared to defend against cyber attacks for many years. That’s at least in part because private sector companies, including Microsoft and Google, have well-established warning systems, as well as preparations that include migrating most of Ukraine’s most critical systems to the cloud and to servers outside Ukraine.
Descriptions of Russian cyberattacks and disinformation campaigns show that only 29 percent of attacks compromised targeted networks — in Ukraine, the U.S., Poland and the Baltic states. But it pointed to a more successful effort to dominate the information war, with Russia accusing Washington and Kyiv of sparking the conflict now raging in eastern and southern Ukraine.
The war is the first full-scale battle using traditional and cyber weapons side-by-side, and the race is on to explore unprecedented dynamics between the two. So far, this dynamic has hardly worked out as expected.
Analysts and government officials were initially shocked that Russia had not launched a serious attack on Ukraine’s power grid and communications systems. In April, President Biden’s national cyber director, Chris Inglis, said the “question at hand” was why Russia was not “playing a very important role online, at least against NATO and the United States.” He speculates that the Russians thought they would have a quick victory in February, but were “distracted” when the war hit a snag.
The Microsoft report said Russia attempted a major cyber attack on February 23, the day before the physical intrusion. That attack used malware called FoxBlade that attempted to wipe data off government networks using “wipe” software. Around the same time, Russia attacked the Viasat satellite communications network in hopes of weakening the Ukrainian military.
“us I think they were among the first to witness the first shots on February 23,” Microsoft President Brad Smith said.
“This is a set of powerful, intensive, even ferocious attacks, attacks that started with a form of wipe software, really coordinated by different parts of the Russian government,” he told a forum on Ronald on Wednesday. added. The Reagan Presidential Foundation and the Washington Institute.
But many attacks have been thwarted, or enough redundancy built into Ukrainian networks, that efforts have done little damage. As a result, Mr Smith said, the attack was underestimated.
In many cases, Russia has combined its use of cyber weapons with conventional attacks, including shutting down the plant’s computer network before dispatching the military to take over the plant, Smith said. Microsoft officials declined to say which factory Mr. Smith was referring to.
While most cyber activity in Russia is concentrated in Ukraine, Microsoft has detected 128 cyber intrusions in 42 countries. Microsoft concluded that of the 29 percent of Russian attacks that successfully breached networks, only a quarter resulted in data theft.
Outside Ukraine, Russia has focused its attacks on the United States, Poland and two aspiring NATO members, Sweden and Finland. Other coalition members were also targeted, especially as they began supplying Ukraine with more weapons. The breaches, though, were limited to surveillance — a sign that Moscow is trying to avoid bringing NATO countries directly into the fray through cyberattacks, just as it avoids physical attacks on them.
But Microsoft, other tech companies and government officials say Russia has combined these infiltration attempts with a broad global propaganda effort.
Microsoft tracked growth in Russian propaganda spending in the U.S. in the first few weeks of the year. Before invading Ukraine on February 24, it peaked at 82%, with 60 million to 80 million monthly page views. Microsoft says the number is comparable to the page views of the largest traditional media site in the United States.
One example Mr Smith cited was propaganda within Russia pushing its citizens to vaccinate, while its English-language messages spread anti-vaccination content.
In the weeks before a fleet of trucks protesting a vaccine mandate attempted to shut down Ottawa, Microsoft also tracked an increase in Russian propaganda in Canada and in New Zealand ahead of protests against public health measures aimed at fighting the pandemic.
“It’s not post-news consumption; it’s not even a case of post-news amplification efforts,” Mr Smith said. “But I think it’s fair to say that it’s not just this amplification that precedes the news, it’s very likely an attempt to make and influence the creation of the news of the day itself.”
Senator Angus King, who is independent of Maine and a member of the Senate Intelligence Committee, noted that while private companies can track Russia’s efforts to spread disinformation within the U.S., U.S. intelligence agencies are restricted by law from snooping inside U.S. networks .
“There are gaps, and I think the Russians are aware of that, and that allows them to exploit holes in our system,” said Mr. King, who also spoke at the Reagan Institute.
A provision in this year’s defense policy bill under consideration by Congress would require the National Security Agency and its military compatriot U.S. Cyber Command to report to Congress every two years on election security, including efforts by Russia and other foreign powers to influence Americans.
“Ultimately, the best defense is to make our own people better consumers of information,” Mr King said. “We have to do a better job of educating people to be better consumers of information. I call it digital literacy. We have to teach fourth and fifth grade kids how to differentiate between fake and real websites.”