Is Russia Regrouping for a New Cyber War?

We have already entered the second year of Russia’s war in Ukraine, and a detailed study of the cyber attacks used in the first year of the conflict, as well as their evolution in recent months, provides us with important indications of what to expect in the future of this hybrid war.

Since the start of the war, Russia has deployed at least nine new wiper malware families and two types of ransomware against more than 100 Ukrainian government and private organizations. Strong cyber defense agreements between the public and private sectors, as well as Ukrainian preparedness and resilience, have successfully defended against most of these attacks, but Russian activity continues.

In 2023, Russia has ramped up its espionage attacks, targeting organizations in at least 17 European countries, most of which are government agencies. In addition, wiper malware attacks continue in Ukraine.

We also continue to monitor the development and deployment of new forms of ransomware. In November 2022, Microsoft and other security companies identified a new variant called Sullivan that was deployed against Ukrainian targets, in addition to the Prestige ransomware, which Russia launched in October 2022 in Poland and Ukraine. Our analysis shows that Russia will continue to conduct espionage attacks against Ukraine and its allies, as well as destructive attacks inside Ukraine and potentially outside Ukraine, as it did with Prestige.

The Russian hybrid offensive also includes sophisticated influence operations. For example, the Moscow propaganda machine recently targeted Ukrainian refugees in Europe in an effort to deport them and force them into the Ukrainian military.

Russia-aligned influence campaigns have also succeeded in increasing tensions in Moldova. Russian media promoted the protests, supported by a pro-Russian political party, which encouraged citizens to demand that the government pay energy bills over the winter. Another Russia-aligned campaign, called “Moldova Leaks”, published alleged leaks from Moldovan politicians, yet another hybrid hack-and-leak operation aimed at undermining the trust of European citizens in their governments.

These are some of the most relevant points from the new Microsoft Threat Intelligence report on Russian activity. The report also highlights other broad and important trends.

First, Moscow’s hybrid war in Ukraine did not go according to plan. Ukraine’s strong commitment, the international security network and the resilience of the Ukrainian people against Russian propaganda efforts denied the Kremlin the quick victory it had hoped for.

Second, Russian cyber threat actors have adjusted their targets and techniques to gain intelligence on civilian and military assets of Ukraine and of the states that support it, and to prepare for destructive attacks against Ukraine. The development of new forms of ransomware is one example of this. Others include using social media to market backdoored, pirated software to the Ukrainian public, which enables initial access to organizations; targeting on-premises servers; and running phishing campaigns against government bodies and technology and disaster response companies in Europe.

Third, Russian attack efforts have no geographic boundaries. Threat actors with known or suspected ties to Russian intelligence services have attempted to gain initial access to defense-related or government organizations not only in Central and Eastern Europe, but also in the US.

We share this information to prepare our customers and the global community for the risk posed by the expansion of these Russian targets, and we share recommendations to strengthen digital defense strategies. At Microsoft, we are proud to have supported the cyber defense of Ukraine since the start of the Russian invasion, and our entire cyber intelligence community remains committed to detecting, advising on, and protecting against Russian cyber attacks and online threats as the conflict enters its second phase.

Original post by Clint Watts, General Manager, Digital Threat Analysis Center.
