ARN

Russian hacking groups increase cyber attacks on Ukraine

Russia-backed hacking groups have wrought havoc in Ukrainian governmental and industrial systems and show signs of escalating cyber attacks on other targets, including those outside the war zone, Microsoft reports.
  • Jon Gold (CSO (US))
  • 01 May, 2022 07:45

Hacking groups closely linked to the Russian government have carried out nearly 40 destructive attacks against hundreds of Ukrainian targets since the start of the invasion, according to a report issued by Microsoft.

The attacks have been largely, but not exclusively, targeted at Ukrainian government institutions, and Microsoft's report noted that these attacks have had damaging effects on the country's economy and civilian population, in addition to Ukraine's government and military.

Operating under the apparent direction of three main groups — the GRU military intelligence service, SVR interior ministry and FSB security service — Russian-backed hackers undertook a huge range of offensive cyber operations against Ukraine, ranging from phishing campaigns and misinformation to data theft and the destruction of critical systems, Microsoft said.

Energy infrastructure has been a particular target of the hackers, according to Microsoft, which noted that nuclear safety organisations and regional energy providers have been targeted by data theft and system destruction attacks. 

But the energy sector is far from the only one in the hackers' sights, as media organisations, logistics providers and even, in one case, an agricultural firm were compromised.

Pace of cyber attacks expected to quicken

Microsoft said that the pace of attacks is likely to quicken as the invasion continues, given Russian President Vladimir Putin's public insistence that the war "would continue until objectives were achieved." 

A blog post accompanying the report said that the scope of Russia's offensive cyber activities could even expand as the conflict wears on, noting that there are already indications of retaliatory measures being taken against the numerous countries providing material support to Ukraine.

"The alerts published by CISA and other US government agencies, and cyber officials in other countries, should be taken seriously and the recommended defensive and resilience measures should be taken – especially by government agencies and critical infrastructure enterprises," the post said.

Actions to protect against Russian cyber attacks

The report also included a list of recommended steps for governmental and infrastructure IT security workers. Microsoft urged the adoption of multi-factor authentication wherever possible, securing any internet-facing system, implementing an in-depth array of anti-malware and endpoint detection solutions, and ensuring the availability of audit functionality for key systems.

According to the report, some cyber attacks appeared to have been launched in tandem with real-world Russian attacks in Ukraine, but the exact degree of coordination between the hacking groups and the Russian military is difficult to determine.

"It is unclear if there is coordination, centralised tasking or merely a common set of understood priorities driving the correlation," the report said. "At times, computer network attacks immediately preceded a military attack, but those instances have been rare from our perspective."