Russian hackers appear to be preparing a fresh wave of cyberattacks against Ukraine, including a “ransomware-style” threat to organizations serving Ukraine’s supply lines, according to a Microsoft research report on Wednesday.
The report, authored by the tech giant’s cybersecurity research and analysis team, outlines a series of new discoveries about how Russian hackers operated during the Ukraine conflict and what could come next.
“Since January 2023, Microsoft has observed that Russian cyber threat activities are adjusting to increase destructive and intelligence capabilities on the civilian and military assets of Ukraine and its partners,” the report said. One group “appears to be preparing for another destructive campaign.”
The findings come as Russia introduced new troops to the battlefield in eastern Ukraine, according to Western security officials. Ukraine’s Defense Minister Oleksiy Reznikov warned last month that Russia could speed up military activities around the February 24 anniversary of its invasion.
The Russian embassy in Washington did not immediately respond to a request for comment.
Experts say the tactic of combining physical military operations with cyber techniques reflects previous Russian activities.
“Coupling kinetic attacks with efforts to disrupt or deny defenders’ ability to coordinate and leverage cyber-dependent technology is not a new strategic approach,” said Emma Schroeder, associate director of the Atlantic Council’s Cyber Statecraft Initiative.
Microsoft found that a particularly sophisticated Russian hacking team, known in the cybersecurity research community as Sandworm, was “testing additional ransomware-style capabilities that could be used in destructive attacks on organizations outside of Ukraine, key functions in the supply lines of Ukraine.”
In a ransomware attack, hackers typically break into a company, encrypt its data, and extort payment to regain access. Historically, ransomware has also been used as a cover for more malicious cyber activities, including so-called wipers that simply destroy data.
Since January 2022, Microsoft says it has discovered at least nine different wipers and two types of ransomware variants used against more than 100 Ukrainian organizations.
These developments have been accompanied by an increase in more covert Russian cyber operations aimed at directly compromising organizations in Ukraine-allied countries, according to the report.
“In countries across America and Europe, particularly in Ukraine’s neighboring states, Russian threat actors have attempted to gain access to government and commercial organizations involved in efforts to assist Ukraine,” said Clint Watts, general manager of Microsoft’s Digital Threat Analysis Center.
© Thomson Reuters 2023