Washington: Microsoft reported on Wednesday that Russian hackers appear to be preparing a new surge of cyber assaults against Ukraine, including a “ransomware-style” threat to organisations serving Ukraine’s supply lines.
The report, written by the tech giant’s cyber security research and analysis team, outlines a series of new findings regarding how Russian hackers have operated during the Ukraine conflict and what may come next.
The report states, “Since January 2023, Microsoft has observed Russian cyber threat activity modifying its destructive and intelligence gathering capabilities against Ukraine and its partners’ civilian and military assets.” One group “appears to be preparing for a new campaign of destruction.”
Western security officials report that Russia has been deploying additional soldiers to the battlefield in eastern Ukraine. Last month, Ukraine’s Minister of Defense, Oleksiy Reznikov, warned that Russia’s military activities could intensify around the anniversary of its invasion on February 24.
The Russian embassy in Washington, DC did not promptly respond to a request for comment.
According to experts, combining physical military operations with cyber techniques is reminiscent of previous Russian actions.
“Combining kinetic attacks with efforts to disrupt or deny defenders’ coordination and use of cyber-dependent technology is not a novel strategic approach,” said Emma Schroeder, associate director of the Cyber Statecraft Initiative at the Atlantic Council.
Microsoft discovered that a particularly sophisticated Russian hacking group, known as Sandworm in the cyber security research community, was testing “additional ransomware-style capabilities that could be used in destructive attacks on organisations outside Ukraine that serve key functions in Ukraine’s supply lines.”
Typically, a ransomware attack involves hackers infiltrating an organisation, encrypting its data, and demanding payment to regain access. Historically, ransomware has been used as a cover for additional malevolent cyber activity, such as so-called wipers that merely delete data.
Since January 2022, Microsoft has discovered at least nine variants of wipers and two types of ransomware that have been employed against over one hundred Ukrainian organisations.
According to the report, these developments have been accompanied by an increase in Russian cyber operations designed to directly compromise organisations in countries allied with Ukraine.
“In nations across the Americas and Europe, particularly Ukraine’s neighbours, Russian threat actors have pursued access to government and commercial organisations supporting Ukraine,” said Clint Watts, general manager of Microsoft’s Digital Threat Analysis Center.