Russian Hackers Continue Brutal Ukraine Cyber-Assault But Microsoft Is Fighting Back
Shortly after Russia invaded Ukraine near the beginning of this year, some prominent hacking groups announced that they would be joining the war within the digital realm. The hacking collective Anonymous declared cyberwar against the Russian government and has since been conducting cyberattacks on Russian and Belarusian government websites, news channels, and military operations systems. On the other side of the conflict is the Conti ransomware gang, which announced its full support of the Russian government and intention to strike back against Western cyber operations. The Russian-speaking ransomware group has since broken up and abandoned the Conti name, but other Russian-based hacking groups are still conducting cyberattacks on Ukraine and its Western allies.
Microsoft is also participating in the conflict by joining the ongoing sanctions on Russia. Microsoft halted sales in Russia near the outset of the war, but, just last week, Microsoft began blocking Russian access to Windows 11 and 10 downloads. However, beyond suspending sales and downloads, the tech giant is also providing critical cybersecurity assistance to Ukrainian infrastructure and government agencies.
Microsoft’s map of coordinated Russian cyber and military operations
Microsoft’s Threat Intelligence Center (MSTIC) has been heavily involved in detecting Russian cyberattacks. Over the past few months, the company has released multiple detailed reports cataloging and analyzing Russian cyberattacks against Ukraine, as well as other countries. Some analysts have commented on the apparent lack of notable cyberattacks as part of the war, but Microsoft is of the view that these observers simply aren’t looking closely enough.
The company contends that recent Russian cyberattacks have been more targeted than the NotPetya attack of 2017, which spread across international borders, wreaking widespread havoc. Those expecting a similarly dramatic attack have yet to see anything that flashy. Russian hackers involved in cyberwarfare against Ukraine are being more careful this time, restricting the scope of their operations.
According to Microsoft, Russia has been conducting coordinated strikes where the military and various cyber actors carry out joint operations. The image above lists some of these coordinated attacks, and Microsoft gives an additional example in one of its reports (PDF): “when Russian missiles struck railway substations in Lviv on May 3—a key logistical center for the movement of military and humanitarian aid—the military’s Iridium group was already active within the digital networks of these same agencies.”
Number of cyberattacks against Ukraine since the beginning of the war (source: SSSCIP)
This week, the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) published figures detailing the number of cyberattacks sustained by Ukraine in the first four months of the war. According to the SSSCIP, “The intensity of cyber attacks since the beginning of Russia's full-scale military invasion has not diminished, although their quality has decreased,” (translated by DeepL).
The total number of cyberattacks is just shy of 800, with government and local authorities, as well as security and defense forces, being hit the hardest so far. Fortunately for Ukraine, Microsoft reports that the country’s cyber defenses have managed to withstand attacks “far more often than they have failed.”