Russian cyber army attempted to hack more than 128 organizations in 42 countries

Microsoft published an intelligence report on the Ukraine war that exposes Russia’s cyberattack strategy during the invasion. Brad Smith, president of the Redmond company, stated that the armed conflict is not only being waged on the front lines, but also includes coordinated attacks on data centers, infrastructure and allied countries that support the government of Volodymyr Zelenskyy. According to Smith, the Ukraine war reflects a trend seen in other major conflicts. “Countries fight wars using the latest technology and wars themselves accelerate technological change,” he said. The president of Microsoft indicates that the Kremlin’s strategy consists of destructive cyberattacks inside Ukraine, network penetration and espionage outside that country, and cyber influence operations (propaganda and fake news) aimed at the whole world.

Russia attacked key data centers and facilities with artillery during the first days of the invasion. At the same time, it carried out cyberattacks on banks and government institutions in order to infect computers with malware known as a wiper, which destroys all the information on the machines it infects. Although the wiper attacks focused on Ukraine, Kremlin-linked hackers attempted to compromise more than 128 organizations in 42 countries. Russia directed its digital offensive against the United States, Poland and the Baltic countries that coordinated the delivery of aid. Microsoft detailed that Denmark, Norway, Finland, Sweden and Turkey are among the victims, as well as other NATO members. The attacks affected not only government offices of allied countries, but also humanitarian organizations, IT companies and critical infrastructure providers.

Although artillery and malware attacks are important in Russia’s invasion of Ukraine, a vital component of the strategy is manipulating information. Microsoft indicates that Russian agencies are focusing their influence operations on four fronts:

  • The Russian population, to maintain support for the war
  • The Ukrainian population, to undermine confidence in the country’s will and ability to confront the war
  • Americans and Europeans, to generate division and deflect criticism of Russian war crimes
  • Non-allied countries, to maintain their support at the UN and elsewhere

Microsoft mentions that influence operations take advantage of the polarization that exists in the world today. Russia plants false narratives about the war and uses official channels and social networks to transmit fake news to the public around the world. The Russian operations built on others carried out in 2021, when they distributed false information about COVID-19 that sought to discourage vaccination.

The report exposes the dangers of relying solely on on-premises infrastructure rather than the cloud. The Russians are capable of exploiting local networks and computers, as happened at SolarWinds, where attackers inserted malicious code into legitimate software updates. This allowed hackers from the Kremlin-linked Cozy Bear collective to access networks of the Treasury Department, the Department of Homeland Security and other US offices.

Microsoft’s report draws conclusions after four months of war that can serve as a reference for future conflicts. The technology company points out that defense against a military invasion requires that most countries have the capacity to disperse and distribute data assets to other countries.