Russia correlates cyberattacks with its kinetic military operations in Ukraine – Microsoft
Russia has targeted Ukrainian government organizations and critical infrastructure, limiting people's access to reliable information and critical life services.
According to the latest Microsoft report detailing the relentless and destructive Russian cyberattacks, the Kremlin's use of cyber weapons is strongly correlated and sometimes directly timed with its kinetic military operations.
On the 1 March, the Russian military directed a missile strike against a TV tower in Kyiv. Its threat actor launched a cyberattack against a major broadcasting company on the same day.
Weeks after the Russian army began capturing nuclear power plants of Ukraine, sparking concerns about radiation, its threat actor stole data from a nuclear safety organization.
With the Mariupol siege underway, Ukrainians were flooded with emails allegedly from a Mariupol resident, falsely accusing Ukraine's government of "abandoning" Ukrainian citizens.
Microsoft has observed close to 40 destructive attacks targeting hundreds of systems, which are 'especially concerning.'
"32% of destructive attacks directly targeted Ukrainian government organizations at the national, regional, and city levels. More than 40% of destructive attacks were aimed at organizations in critical infrastructure sectors that could have negative second-order effects on the Ukrainian government, military, economy, and civilians," Microsoft said.
Russian threat actors have been using various techniques to gain initial access, including phishing, unpatched vulnerabilities, and compromising upstream IT service providers.
"These actors often modify their malware with each deployment to evade detection. Notably, our report attributes wiper malware attacks we previously disclosed to a Russian nation-state actor we call Iridium," the company said.
It noted that threat actors have been mirroring and augmenting military actions, and we can expect cyber offenses to escalate as the war in Ukraine rages.
"Russian nation-state threat actors may be tasked to expand their destructive actions outside of Ukraine to retaliate against those countries that decide to provide more military assistance to Ukraine and take more punitive measures against the Russian government in response to the continued aggression."
Russian-aligned actors also conduct operations in NATO member states, namely the Baltics and Turkey, actively providing political, humanitarian, or military support to Ukraine.
Recently, The Five Eyes, an intelligence-sharing alliance consisting of the US, UK, Australia, Canada, and New Zealand, issued a joint warning, claiming Russian state-sponsored actors, together with cyber gangs, might strike critical infrastructure in the West.
According to the warning, Russian cyber adversaries might employ cyberattacks as retaliatory measures to the economic costs imposed on Russia in the wake of Moscow's war in Ukraine.
The cyber watchdogs of five countries claim that cybercrime groups might work in tandem with state-sponsored actors.
More from Cybernews:
Subscribe to our newsletter