Russian hackers preparing new cyber assault against Ukraine, says Microsoft report

Russian hackers appear to be preparing a renewed wave of cyber attacks against Ukraine, including a “ransomware-style” threat, warned Microsoft in a report

March 16, 2023 09:50 am | Updated 09:50 am IST - WASHINGTON

Russian hackers preparing new cyber assault against Ukraine, says Microsoft report

Russian hackers preparing new cyber assault against Ukraine, says Microsoft report | Photo Credit: REUTERS

Russian hackers appear to be preparing a renewed wave of cyber attacks against Ukraine, including a "ransomware-style" threat to organisations serving Ukraine's supply lines, a research report by Microsoft said on Wednesday.

The report, authored by the tech giant’s cyber security research and analysis team, outlines a series of new discoveries about how Russian hackers have operated during the Ukraine conflict and what may come next.

“Since January 2023, Microsoft has observed Russian cyber threat activity adjusting to boost destructive and intelligence gathering capacity on Ukraine and its partners’ civilian and military assets,” the report reads. One group “appears to be preparing for a renewed destructive campaign.”

The findings come as Russia has been introducing new troops to the battlefield in eastern Ukraine, according to Western security officials. Ukraine Defense Minister Oleksiy Reznikov last month warned that Russia could accelerate its military activities surrounding the February 24 anniversary of its invasion.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

The Russian embassy in Washington did not immediately respond to a request for comment.

Experts say the tactic of combining physical military operations with cyber techniques mirrors prior Russian activity.

"Pairing kinetic attacks with efforts to disrupt or deny defenders’ ability to coordinate and to use cyber-dependent technology is not a new strategic approach," said Emma Schroeder, associate director of the Atlantic Council's Cyber Statecraft Initiative.

Microsoft found that a particularly sophisticated Russian hacking team, known within the cyber security research community as Sandworm, was testing “additional ransomware-style capabilities that could be used in destructive attacks on organisations outside Ukraine that serve key functions in Ukraine’s supply lines.”

A ransomware attack typically involves hackers penetrating an organisation, encrypting their data and extorting them for payment to regain access. Historically, ransomware has also been used as cover for more malicious cyber activity, including so-called wipers that simply destroy data.

Since January 2022, Microsoft said it had discovered at least nine different wipers and two types of ransomware variants used against more than 100 Ukrainian organisations.

These developments have been paired with a growth in more stealthy Russian cyber operations designed to directly compromise organisations in countries allied to Ukraine, according to the report.

"In nations throughout the Americas and Europe, especially Ukraine’s neighbors, Russian threat actors have sought access to government and commercial organizations involved in efforts to support Ukraine," said Clint Watts, general manager for Microsoft's Digital Threat Analysis Center.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.