“Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations,” said Tom Burt, a Microsoft vice president.
The Microsoft report is the most comprehensive public record yet of Russian hacking efforts related to the war in Ukraine. It fills in some gaps in public understanding of where Russia’s vaunted cyber capabilities have been deployed during the war.
Suspected Russian hackers “are working to compromise organizations in regions across Ukraine,” and may have been collecting intelligence on Ukrainian military partnerships many months before the full-scale invasion in February, the Microsoft report says.
Russia’s military attacks on Ukraine sometimes “correlate with cyberattacks, especially when it involves attacks on telecom infrastructure in some areas,” Victor Zhora, a senior Ukrainian government cyber official, told reporters Wednesday.
In the weeks after Russia’s latest invasion of Ukraine, some pundits and US officials were surprised that there hadn’t been more noticeably disruptive or debilitating Russian cyberattacks on the country. Possible explanations ranged from disorganization in Russian military planning to hardened Ukrainian defenses, to the fact that bombs and bullets take precedence over hacking in wartime.
But a barrage of alleged Russian and Belarusian hacks aimed at destabilizing Ukraine has indeed taken place, with some hacks emerging weeks after they took place. Some hacking attempts have been more successful than others.
NATO officials David Cattler and Daniel Black noted a series of alleged Russian data-wiping hacks aimed at Ukrainian organizations over multiple weeks.
Officials from the White House, Department of Homeland Security and other agencies have worked closely with Ukrainian counterparts to try to defend against Russian hacking and gain insights into Russian capabilities that might be used against the US.
“Ukraine was, unfortunately, kind of a playground for cyber weapons over the last eight years,” Zhora said. “And now we see that some technologies that were tested or some of attacks that were organized on Ukrainian infrastructure continue in other states.”
Zhora touted the resilience of Ukrainian network defenders.
Russian hackers “continue to be dangerous,” Zhora said Wednesday. “They continue to threaten democracies, threaten Ukrainian cyberspace. Nevertheless, I don’t think they can scale their cyber warriors or they can use some completely new technologies that can attack Ukrainian infrastructure.”
CNN has requested comment from the Russian Embassy in Washington on the Microsoft report.