WASHINGTON – A group of Russian government-linked hackers appears to be preparing new cyberattacks against Ukrainian government infrastructure and offices, according to a Microsoft report released Wednesday, suggesting that Russia’s long-awaited spring offensive could include actions in the cyberspace, as well as on the ground.
The report also notes that Russia appears to be stepping up its influence operations outside of Ukraine in an attempt to weaken European and US support for continued military aid, intelligence sharing and other assistance to the Ukrainian government.
A bulldozer demolishes a multi-storey apartment block, destroyed in the course of the Russia-Ukraine conflict, in Mariupol, Russia-controlled Ukraine, March 16, 2023. REUTERS/Alexander Ermochenko
The effort would come as a faction of the Republican Party – and some of the Democratic Party – argue that supporting Ukraine is not in the fundamental interest of the United States.
For now, Russia’s main influence campaign is in Europe, but it will shift to the United States “as the year draws closer to the fall presidential election debate,” said Clint Watts, head of the Center for Analysis. of Microsoft Digital Threats.
Since before the war began a year ago, Russia’s efforts to use its considerable cyber capabilities against Ukraine, and its failure to cripple the government in the way US authorities hoped, have been the subject of intense study, and a certain mystery.
Evidence accumulated in recent months shows that Russia often tried to coordinate cyberattacks with physical attacks against the Ukrainian power grid and other targets.
But the Ukrainians were often one step ahead of Moscow and had security systems in place or had created new ones, such as moving much of the country’s digital operations to the cloud.
Microsoft’s report carries significant weight because the company’s warnings about pending cyberattacks in the run-up to the war were largely on point.
But it also suggests that Russia’s digital warriors, many of whom are linked to the country’s intelligence services, are trying again in the second year of the war.
In recent months, senior US officials have begun talking about their late-2021 efforts to help bolster Ukraine’s cyber defenses and the rush to move government agencies to the cloud in the weeks after the invasion began. .
That minimized the damage Russia was able to inflict – and allowed Ukrainian President Volodymyr Zelensky to broadcast daily Internet messages to rally citizens in the fight.
Microsoft said it believed a Russia-linked group it had tracked down was carrying out actions that could “be in preparation for a renewed offensive,” including reconnaissance, access operations and data-wiping “wiper” malware, while just like hackers did in the early days of last year’s invasion.
“There is an uptick in attempts to break into government targets, in attempts to break into critical infrastructure targets to then try to use modified or destructive ransomware attacks,” Watts said.
Ukrainian authorities claim that more than 10 cyberattacks are taking place a day, with Russian hackers targeting the energy sector, logistics facilities, military targets and government databases.
“We monitor risks and threats in real time 24/7,” said Ilia Vitiuk, head of the cybersecurity department of the Security Service of Ukraine, known as SBU.
“We know most of the Russian special services hackers working against us by name.”
But while Russian cyber operations appear about to escalate, Ukrainian defenses, at least for now, remain strong, according to US and Ukrainian officials.
The United States and its allies have at times given guidance to Ukraine’s own cyber forces on how to counterattack groups trying to cripple their systems.
However, US officials have provided few details, just as they have declined to discuss the information they provide to Ukraine to help direct its missile and artillery systems.
Watts said Microsoft’s research showed that Ukrainians had also become more resistant against Russian propaganda and that interest in Russian news sites among Ukrainians dropped sharply as the war progressed.
Russia has focused its influence operations on Ukrainian refugees in Poland and other countries.
Moscow has also targeted the NATO public, trying to erode support for the war.
“The decisive point for their influence operations now is Western Europe,” Watts said.
“They are trying to use active measures to undermine support for Ukraine in Western Europe.”
For now, Germany remains the most decisive battleground for Russian influence operations, as Moscow hopes to make it more difficult for Berlin to send additional military aid to Ukraine.
Russian propagandists, according to Microsoft and US officials, have been pushing narratives that blame allied support for Ukraine for driving up inflation and energy prices.
Although the effectiveness of influence campaigns is difficult to judge, in some respects such efforts have been more successful than cyberattacks.
Russia tried to carry out many cyberattacks against the Ukrainian energy grid last year.
But Ukrainian defenders neutralized hundreds of attacks on power facilities, with only 30 becoming critical incidents causing disruption, Vitiuk said.
Russia’s sustained campaign of missile and drone attacks against electrical infrastructure has also proven far more effective than cyberattacks, plunging much of the country into cold and darkness for days at a time.
Even when cyberattacks on the power grid were successful, Watts said,
“Ukraine was very capable of recovering very quickly.”
c.2023 The New York Times Company
look also