Microsoft: Russian hacks often accompany Ukraine attacks 2022-04-27 16:02:46


BOSTON (AFP) – Cyber ​​attacks by state-backed Russian hackers have destroyed data across dozens of organizations in Ukraine and produced a “chaotic information environment,” Microsoft says. In a report released Wednesday.

The report notes that nearly half of the destructive attacks were against critical infrastructure, and many times they coincided with physical attacks.

Viktor Zora, a senior Ukrainian cybersecurity official, told reporters at a press briefing on Wednesday that cyber attacks on telecommunications sometimes coincided with artillery attacks and other physical attacks.

Microsoft assessed that Russia-aligned threat groups were “preparing for conflict as early as March 2021,” infiltrating networks to gain a foothold that they could later use to gather “strategic and battlefield intelligence or to facilitate future devastating attacks.”

During the war, the company’s digital security unit says that Russian cyberattacks “at times not only undermined the functions of the targeted organizations, but sought to disrupt citizens’ access to reliable information and life-critical services, and undermine confidence in the country’s leadership.” In the 20-page report.

The report says that the Kremlin’s cyber operations “have had an impact in terms of technical disruption to services and caused a chaotic information environment, but Microsoft is unable to assess its broader strategic impact.”

The disruption caused by Russian cyber activity was more modest than many had expected before the February 24 invasion, and Microsoft said the devastating attacks “were accompanied by extensive espionage and intelligence activities”.

Early on, a cyber attack also affected broadband users in Europe Disconnected from satellite service For the Ukrainian army, police and other institutions. But Ukrainian defenders, with the help of outside cybersecurity firms, have scored victories, too. Microsoft and Slovakia-based ESET helped thwart that An attempt earlier this month to cut off the power for millions of Ukrainians.

The report says that groups with known or suspected links to the GRU have used destructive “sweeping” malware “at a frequency of two to three incidents per week since the eve of the invasion”.

He did not mention specific targets, but they are known to include telecommunications companies and local, regional and national agencies.

From the start of the invasion through April 8, Microsoft said that at least eight different strains of malware had been used in “nearly 40 separate destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.”

In an accompanying blog, Microsoft CEO Tom Burt noted that the company has also seen “limited spy attack activity” targeting NATO member states.