WASHINGTON—At least six hacking groups linked to the Russian government have attempted hundreds of cyberattacks in Ukraine since Russia’s invasion in February, including dozens intended to destroy computer systems, according to new research from Microsoft Corp.
Moscow’s hacking activity amounts to a relentless onslaught of disruptive and destructive operations, often tactically paired with kinetic military maneuvers, in addition to traditional cyber espionage, Microsoft said. Though many attacks have been successful, Ukraine’s cyber defenses have repelled others, and Ukraine has so far largely evaded the kind of debilitating or nationwide cyber disruption that Western officials feared at the onset of the war.
“The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services, and have attempted to shake confidence in the country’s leadership,” Tom Burt, Microsoft’s vice president of customer security and trust, said in a blog post accompanying the research.
In a briefing with reporters Wednesday, Victor Zhora, the deputy chief of Ukraine’s cyber defense agency, said he thought Russia had activated its full offensive cyber capabilities against Ukraine as the war has dragged on and was unlikely to deploy “completely new” or unexpected cyber weapons.
“They are a serious threat. It would be a mistake to underestimate their potential,” Mr. Zhora said. “But at the same time… I suppose that we are completely able to resist, in cyberwar and the war generally.”
The Russia-backed hackers had also been “pre-positioning for conflict” as early as March 2021, Mr. Burt said, apparently in hopes of gaining broader access to Ukrainian networks that could be leveraged during the war. By mid-2021, some of the hackers were targeting supply-chain vendors in Ukraine and elsewhere “to secure further access not only to systems in Ukraine but also NATO member states,” Mr. Burt said, referring to the North Atlantic Treaty Organization. Supply-chain vendors are companies that sell software or other products that are widely used by other companies, making them lucrative targets for hackers.
The Russian Embassy in Washington didn’t immediately respond to a request for comment. Moscow has routinely denied allegations of cyberattacks against other countries and said it has been victimized recently by cyberattacks launched by Western powers.
The new findings from Microsoft, published Wednesday, largely support what cybersecurity experts, large technology companies and Western intelligence officials have observed so far: While large-scale, knockout blows have eluded them or been thwarted, Russian hackers have been highly active in the Ukraine conflict, focusing much of their efforts on more limited, tactical operations to support their military engagements.
Some attacks have been crude and amounted to mere annoyances, slowing some Ukrainians’ internet service or knocking it out altogether, defacing websites and destroying files on a small number of computers. Others have accomplished little more than keeping Ukraine’s cyber-defenders busy. More recently, as Russia’s strategic aims shifted to eastern Ukraine, new and more alarming attacks on Ukraine’s energy sector have been discovered.
Hackers have been pummeling the Ukrainian government and critical infrastructure since the beginning of the war, but over the past three weeks researchers at Cisco Systems Inc. have seen a gradual increase in sophisticated attacks from what appear to be more-experienced hackers, said Matt Olney, Cisco’s director of threat intelligence. “Before it was truly bull-in-a-china-shop type of stuff,” he said. “Now it’s more [like] sophisticated art theft.”
In some cases, Russia’s cyberattacks appeared “strongly correlated and sometimes directly timed with its kinetic military operations,” Mr. Burt said. He cited an example of cyberattacks directed at a major broadcasting company, Ukrtelecom, on March 1, the same day that Russian forces launched a missile strike on a TV tower in Kyiv. In another example, a separate Russian hacking group stole data in mid-March from a nuclear safety organization in the weeks following Russia’s capture of nuclear power plants, Microsoft said.
The efforts to hybridize the war have also been seen in the disinformation space. As Mariupol endured a prolonged siege by Russian forces, some Ukrainians were sent an email from a Russian hacking group pretending to be a resident of the city who accused the Ukrainian government of abandoning its citizens, Microsoft said.
In contrast to the confidence expressed by Mr. Zhora of the Ukrainian government, U.S. and Western intelligence officials have said they believe Russia has the capabilities and resources to deliver far more damaging cyberattacks against Ukraine than what has been seen so far. Some have said Russia’s initial miscalculation that Kyiv would fall in a matter of days contributed to an early reticence to launch cyberattacks against critical infrastructure that could severely cripple daily life in Ukraine.
Microsoft said it had observed nearly 40 destructive cyberattacks in Ukraine on hundreds of systems. Of those, about a third were directly aimed at Ukrainian government entities at the national, regional and city levels, and more than 40% targeted critical infrastructure sectors that could have knock-on effects on the Ukrainian government, military, economy and populace, Microsoft said.
—Robert McMillan contributed to this article.
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.