Microsoft: Russian hackers are working on a major offensive with cyber attacks

Hackers linked to Russian intelligence services are preparing for a new wave of cyberattacks against Ukraine, and possibly its allies. Software company Microsoft writes this in a report published this week.

Microsoft is one of the Western tech companies working closely with Ukrainian authorities to protect the country from digital warfare. For example, in the run-up to the invasion, it helped to avert attacks on government computer systems, and to move important data from Ukrainian servers to cloud storage services, out of range of Russian guns, so that crucial government services could continue to function.

In the months leading up to the Russian invasion, many analysts predicted that a war against Ukraine would begin with massive and devastating cyber-attacks on communications systems and critical infrastructure, among other things. Since the annexation of Crimea and the war in the Donbas in 2014, the country has experienced this several times.

That prediction has only partially come true: although Russian hackers carried out a barrage of attacks, they were often repelled or had relatively little impact on the course of the battle. An exception was an attack on the satellite network ViaSat on the day of the invasion, which severely hampered communications within the Ukrainian armed forces during the first hours of the war. After the first weeks, the cyberattacks decreased sharply in strength and number.

Spring offensive

Microsoft now says it has indications that the Russians may want to accompany a much-anticipated spring offensive on the battlefield with a new wave of cyberattacks. Analysts from the company uncovered several phishing campaigns targeting Ukrainian defense companies and the country’s energy sector in January. In such campaigns, hackers try to gain access to the computer systems of their targets, for example via fake e-mails. The Ukrainian national news agency Ukrinform was allegedly attacked as well.

In recent months, hackers have allegedly tried to gain access to computer systems of IT companies, financial institutions, media and humanitarian aid organizations, not only in Ukraine, but also in countries such as Romania, Lithuania, the United Kingdom, Italy and Brazil.

Microsoft attributes the attacks to the hacker collective it calls IRIDIUM, otherwise known as Sandworm, a group affiliated with Russia’s military intelligence agency GRU. Technology magazine Wired reported on Wednesday that the hacker group has recently been headed by Yevgeny Serebryakov, one of four Russian spies caught by the Dutch MIVD in 2018 attempting to hack into the headquarters of the Organization for the Prohibition of Chemical Weapons (OPCW) in The Hague.

Influence campaigns

The researchers expect that the new Russian cyber offensive will include the use of ransomware – traditionally used by cybercriminals to extort companies. Target computer systems are then disabled by encrypting the data on them. Normally, the hackers then demand a ransom to undo the encryption. IRIDIUM already carried out such an attack last October on transport companies in Ukraine and in Poland, an important link in the country’s supply.

Microsoft foresees that Russian hackers will further shift their attention in the coming months to influence operations in European countries that support Ukraine politically and militarily, for example by pointing out the increased energy costs. Poland, Estonia and Finland in particular would then be logical targets, because elections will be held in those three countries this year.

Russian internet trolls in Poland are already said to be supporting campaigns against the reception of Ukrainian refugees and aid to Kyiv. And in Bulgaria, a network of pro-Russian websites was promoted on social media.