The Russian government is coordinating cyberattacks on Ukrainian critical infrastructure with missile and other physical strikes as Russian troops retreat from formerly occupied areas of Ukraine, Microsoft said in a report published on Saturday.
And the Kremlin could seek to expand cyberattacks against Ukraine’s supportive neighbors in an attempt to disrupt military and humanitarian supply chains and weaken European populations’ support for Kyiv, according to the report.
Bleak outlook: Microsoft’s report comes after nearly 10 months of brutal war in Ukraine, which has seen Russia hacking Ukrainian satellite systems, energy companies and other critical infrastructure, galvanizing international worries about how Moscow will next deploy its sophisticated cyber capabilities.
Expanding battlefield: In November, Microsoft blamed Russia for October ransomware attacks on infrastructure companies in Ukraine and Poland that targeted companies involved in providing military and humanitarian assistance to Ukraine. Now, the tech giant says that campaign could be “a harbinger of Russia further extending cyberattacks beyond the borders of Ukraine,” with a focus on “countries and companies that are providing Ukraine with vital supply chains of aid and weaponry this winter.”
The October attacks had limited success — Microsoft said local defenders and its own experts “helped contain the attack’s impact to less than 20 percent of one targeted organization’s network” — but Microsoft assesses that Russian hackers “almost certainly collected intelligence on supply routes and logistics operations that could facilitate future attacks.”
Splintering the alliance: Russia is likely to expand its use of influence operations to “reduce support for Ukraine’s defense” by exploiting tensions in Europe over energy prices and shortages, according to the report, which cited Russian propaganda outlets’ steady promotion of European protests over issues such as inflation. Russia could also seek to stoke anti-migrant resentment as more people flee Ukraine amid power outages.
Missiles and malware: Microsoft has observed Russian cyberattacks targeting the same sectors as Moscow’s recent missile barrages retaliating against Ukrainian territorial gains.
In addition, the report says that destructive cyberattacks spiked in October after two relatively quiet months, with wiper malware attacks — meant to erase hard drives and make recovery more difficult — on energy, water and transportation infrastructure paralleling Ukraine’s ground counteroffensive.
Fifty-five percent of the roughly 50 organizations hit by Russian wiper attacks since February are critical infrastructure companies, Microsoft said.
Allies on alert: Microsoft is not alone in tracking these threats. NATO has been keeping a close eye on developments in Ukraine, and the alliance has also seen evidence of Russia coordinating physical strikes with cyberattacks.
“We’ve seen cyber being used before the actual attack started, for example through defacing government websites and spreading disinformation to try to scare the population,” David van Weel, NATO’s assistant secretary general for emerging security challenges, told reporters during a virtual briefing on Friday. He said that NATO has tracked the use of deepfakes as well, including doctored videos of Ukrainian President Volodymyr Zelenskyy telling troops to surrender.
“We’ve seen cyber being used in conjunction with kinetic attacks, so whilst the military infrastructure was hit physically, it was also hit by cyberattacks,” van Weel noted.