Russia has launched more than 200 cyberattacks on Ukraine to support the success of its military operations
The Ukrainian government estimates the damage caused by Russia to the infrastructures of the invaded country at 90 billion dollars. The military operations of the Russian troops that have caused this damage have been supported by a campaign of computer destruction, as detailed by Microsoft in the report where they calculate more than 237 cyber-attacks, some of them aimed at spying on NATO members as well.
The so-called cyberwar began before the military invasion itself, and in January several computer attacks directed from Russia to destabilize and destroy services and official documentation of Ukrainian institutions were already known. The Microsoft Threat Intelligence Center claims to have observed groups linked to Russian intelligence services intensifying attacks since March 2021.
“In early 2022, when diplomatic efforts failed to reduce rising tensions (…), Russian actors launched destructive attacks against Ukrainian organizations with increasing intensity” they say, noting that “it is likely that the attacks we have observed are only a fraction of the activity targeting Ukraine.”
Of the more than 200 attacks targeting organizations and infrastructure inside Ukraine, a good portion of them targeted the same systems marked by Russian troops in full offensive. To show this relationship Microsoft shares a graph showing chronologically the correlation between cyberwarfare and military operations.
The first week of March 2022 Russia seized Europe’s largest nuclear power plant after setting it on fire in a bombing raid. It is located in the Zaporiyia region of southeastern Ukraine and an explosion could have caused 10 times more damage than Chernobyl. A day before the seizure of this power plant, Microsoft records an attack by a group of cybercriminals linked to Russia accessing the computer network of the company in charge of nuclear energy.
In the report they also give as an example the intention to disinform from Russia. A Russian hacker group launched cyber attacks against a major broadcasting company on March 1, the same day that the Russian military announced its intention to destroy Ukrainian “disinformation” targets and directed a missile attack against a television tower in Kiev.
Among the destructive attacks observed Microsoft says 32% directly targeted Ukrainian government organizations and more than 40% targeted critical infrastructure organizations. “The actors involved in these attacks are using a variety of techniques to gain initial access to their targets, including phishing, using unpatched vulnerabilities and compromising IT service providers,” they explain.
The gangs behind these hacks are linked to the Russian intelligence services GRU, SVR and FSB. For example, Microsoft attributes three of them to Sandworm whose members are believed to be military hackers who are part of Unit 74455 of the Main Center for Special Technologies (GTsST) of the Russian GRU.
In addition to those cyber attacks aimed at destroying systems and information within critical industries in Ukraine, Microsoft also cites cyber espionage against countries supporting the invaded country, specifically against NATO members. “We have observed Russian-aligned actors active in Ukraine showing interest or conducting operations against organizations in the Baltics and Turkey, all NATO member states actively providing political, humanitarian or military support to Ukraine” they claim in the statement.
This suspicion is also based on recent reports from US intelligence agencies and other countries such as the UK or Australia warning of the risk of Russia retaliating for economic sanctions in the form of cyber-attacks. The US has warned in the last month that Russian hackers would be preparing to launch attacks outside Ukraine.