Microsoft: Russian hacks paired with Ukraine air raids

Microsoft says cyberattacks by state-backed Russian hackers have destroyed data across dozens of organizations in Ukraine and produced a “chaotic information environment.”

Via AP news wire
Wednesday 27 April 2022 14:00 EDT
Russia Ukraine War Microsoft Cyberattacks (Copyright 2021 The Associated Press. All rights reserved)

Cyberattacks by state-backed Russian hackers have destroyed data across dozens of organizations in Ukraine and produced “a chaotic information environment,” Microsoft says in a report released Wednesday.

Nearly half the destructive attacks were against critical infrastructure, often simultaneous with bombings and missile attacks, the report notes.

Microsoft assessed that Russia-aligned threat groups were “pre-positioning for the conflict as early as March 2021,” hacking into networks to obtain footholds they could later use to collect “strategic and battlefield intelligence or to facilitate future destructive attacks.”

During the war, Russia’s cyberattacks “have at times not only degraded the functions of the targeted organizations but sought to disrupt citizens’ access to reliable information and critical life services, and to shake confidence in the country’s leadership,” the company's Digital Security Unit says in the 20-page report.

Kremlin cyber operations “have had an impact in terms of technical disruption of services and causing a chaotic information environment, but Microsoft is not able to evaluate their broader strategic impact,” the report says.

Disruption from Russian cyber activity has been more modest than many anticipated ahead of the Feb. 24 invasion, and Microsoft said damaging attacks have “been accompanied by broad espionage and intelligence activities.”

Early on, a cyberattack that also affected European broadband users knocked out satellite service to Ukrainian military, police and other institutions. But Ukrainian defenders, aided by outside cybersecurity firms, have also scored victories. Microsoft and Slovakia-based ESET helped them thwart an attempt earlier this month to cut power to millions of Ukrainians.

The report says groups with known or suspected ties with Russia’s GRU military intelligence agency have used destructive “wiper” malware “at a pace of two to three incidents a week since the eve of the invasion.”

It did not name specific targets but they are known to include telecommunications companies and local, regional and national agencies.

From the invasion onset until April 8, Microsoft said at least eight different malware strains were used in “nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.”

In an accompanying blog, Microsoft executive Tom Burt noted that the company had also seen “limited espionage attack activity” targeting NATO member states.
