
Russia’s hackers and military went after the same targets in Ukraine, Microsoft says

At least six distinct Russian government hacking groups have targeted Ukraine since the invasion began, the company said in a report.
Russian military vehicles move on a highway in an area controlled by Russian-backed separatist forces near Mariupol, Ukraine, on April 18, 2022. Alexei Alexandrov / AP

Russia’s hackers and conventional military have repeatedly launched attacks against Ukraine that seem to have similar objectives, Microsoft said in a report Wednesday.

The findings indicate the Kremlin has consistently and strategically deployed hackers in a supporting role for its larger war efforts.

“Based on our direct engagement with impacted entities in Ukraine, we observed that cyber and kinetic military operations appeared to be directed toward similar military objectives,” the report stated.

As the creator of the Windows operating system and Microsoft Office programs, which are used throughout Ukraine’s government and private sector, Microsoft has broad visibility into attacks on computers there. 

At least six distinct Russian government hacking groups have targeted Ukraine since the invasion began, the report found.

Russia has conducted some of the most high-profile cyberattacks in history against Ukraine, including an operation to confuse Ukrainian voters regarding who won the 2014 presidential election and attacks that temporarily knocked out power in parts of Kyiv in 2014 and 2015.

Since Russia’s invasion, Ukraine has not fallen victim to any cyberattacks that are as high-profile as those. Instead, it has faced a steady drumbeat of attacks, including disinformation campaigns, distributed denial-of-service attacks that temporarily knock websites offline, and “wiper” attacks, which infect computer networks and render them inoperable by deleting all files.

Victor Zhora, a top Ukrainian cybersecurity official, said in a news conference held over Zoom on Wednesday that he was aware of instances where Russia had attacked telecommunications companies with combinations of both missiles and cyberattacks.

“Sometimes they correlate with cyberattacks, especially attacks on telecom infrastructure in some areas,” he said. “So if they select some targets in certain regions, they can coordinate this with attacks on internet providers or telecom operators in this region, just to enlarge the effect of the attacks.”

Russia’s various hacker groups have aided its war objectives in a number of ways, Microsoft found.

In the weeks ahead of the invasion, a hacker group tied to Russian military intelligence that historically targeted people who work for national government agencies changed tactics and began targeting members of the Ukrainian military. 

As the Russian military took over two nuclear power facilities, Chernobyl and Zaporizhzhia, Russia began disinformation operations that claimed Ukraine was secretly producing chemical and biological weapons.

And as Russia began to strategically shift its forces to concentrate on eastern Ukraine following its failure to take Kyiv, hackers launched destructive attacks on a Ukrainian logistics company and eastern Ukrainian government websites.

It’s logical for Russia’s military and cyber forces to have overlapping targets, said Gavin Wilde, a Russia analyst at the Krebs Stamos Group, a cybersecurity consulting company. Russia’s own hacker groups have seemed to hack the same victims at the same time without knowledge of each other.

“That the services are all chasing after the same soccer ball isn’t surprising,” Wilde said.

Zhora, the Ukrainian official, said that while fighting off Russian hackers was wearing, cyber defenders in Ukraine have largely stood their ground.

“Two months of war and cyberattacks are still intense, and we do feel continuous pressure on government agencies, critical infrastructure and information services, including media. Russian cyberwarfare is strong and poses a significant threat,” he said.

“But since they didn’t offer anything special during these two months, I suppose this is their potential,” Zhora said. “I don’t think they can scale their cyber warriors.”