Microsoft says Russia’s spring offensive in Ukraine may include cyberattacks
WASHINGTON — A Russian government-linked hacking group appears to be preparing new cyberattacks on Ukrainian infrastructure and government offices, Microsoft said in a report Wednesday, suggesting Russia’s long-awaited spring offensive could include action in cyberspace as well as on the ground.
The report also said Russia appeared to be stepping up its influence operations outside Ukraine to undermine European and U.S. support for continued military aid, intelligence sharing and other assistance to the Ukrainian government. A faction of the Republican Party — and some factions of the Democratic Party — believes that supporting Ukraine is not a core U.S. interest, and therefore the effort.
Clint Watts, head of Microsoft’s Digital Threat Analysis Center, said that while Russia’s main influence campaign is currently focused on Europe, it will shift to the United States “as this year approaches the fall presidential election debates.”
Russia’s efforts to use its formidable cyber capabilities against Ukraine, and its failure to weaken the government in ways that U.S. officials expected, have been the subject of intense research, and some mystery, since the war began a year ago.
Evidence gathered in recent months suggests that Russia has often attempted to combine cyberattacks with physical attacks on Ukraine’s power grid and other targets. But Ukrainians have generally stayed one step ahead of Moscow, keeping backup systems or installing new ones, including by moving much of the country’s digital operations to the cloud.
Microsoft’s report is significant because the company’s warnings about impending cyberattacks before the war broke out were largely accurate. But it also suggests that Russia’s digital fighters, many of whom are linked to the country’s intelligence services, are trying again in the second year of the war.
In recent months, senior U.S. officials have begun discussing their efforts to help strengthen Ukraine’s cyber defenses by the end of 2021 and the rush to move government agency operations to the cloud in the weeks after the intrusion began. That minimizes the damage Russia can do — and allows Ukrainian President Volodymyr Zelensky to broadcast daily messages on the internet to rally citizens to the fight.
Microsoft said it believed a Russia-linked group it was tracking was taking actions that could “prepare for a new offensive,” including reconnaissance, access operations and “wiper” malware that wipes data, just as hackers did when the breach began last year.
“There’s been an uptick in trying to get into government targets, trying to get into critical infrastructure targets and then trying to attack with destructive or modified ransomware,” Mr. Watts said.
Ukrainian officials said they saw more than 10 cyberattacks a day, with Russian hackers targeting the energy sector, logistics facilities, military targets and government databases.
“We monitor risks and threats in real time 24 hours a day,” Ilia Vitiuk, head of the cybersecurity department at the Security Service of Ukraine (SBU), said in a statement. “We know that most of the hackers from the Russian special forces are attacking us.”
But even as Russia’s cyber operations appear poised to ramp up, Ukraine’s defenses remain strong, at least for now, according to U.S. and Ukrainian officials.
The U.S. and its allies have at times directed Ukraine’s own cyber forces on how to counter groups seeking to cripple its systems. U.S. officials have offered few details, though, just as they have declined to talk about the information they provide Ukraine to help target its missiles and artillery systems.
Mr. Watts said Microsoft’s research showed Ukrainians had also become more resilient to Russian propaganda, and Ukrainians’ interest in Russian news sites had plummeted as the war continued.
Russia has instead focused its influence operations on Ukrainian refugees in Poland and other countries. Moscow is also targeting the NATO audience in an attempt to undercut support for the war.
“The decisive point for their influence operations now is Western Europe,” Mr. Watts said. “They are trying to take aggressive steps to undermine Western European support for Ukraine.”
For now, Germany remains the most decisive battleground for Russian influence operations, and Moscow wants to make it harder for Berlin to continue providing additional military aid to Ukraine.
Russian propagandists have been pushing a narrative that blames allied support for Ukraine for driving up inflation and energy prices, according to Microsoft and U.S. officials.
While the effectiveness of influence campaigns is difficult to judge, by some measures these efforts have been more successful than cyberattacks.
Russia attempted multiple cyberattacks on Ukraine’s energy networks last year. But of the hundreds of attacks on energy facilities that Ukrainian defenders defused, only 30 became serious incidents that caused damage, Mr. Vitiuk said.
Russia’s sustained missile and drone attacks on power infrastructure have proven far more effective than cyberattacks, plunging much of the country into cold and darkness for days at a time.
Even where cyberattacks on the grid succeed, Mr. Watts said, “Ukraine is very capable of coming back very quickly.”